RedirectFromLoginPage not working...
Hi,
I seem to have hit a wall with this one and id be grateful for any help.
I have the following code AFTER a user is authenticated:
If Request.QueryString("Retur
Response.Redirect("main.as
Else
FormsAuthentication.Redire
End If
Without touching the <authorization> section of the web.config I understand that by default you get:
<authorization>
<allow users="*" />
</authorization>
However, if an unauthenticated user attempts to view a page they are NOT redirected to the login page.
Adding the following has a different affect:
<authorization>
<deny users="?" />
</authorization>
The above example has a strange behaviour - it redirects an unauthenticated user to the login page WITH a ReturnURL BUT..........when a user is authenticated (correctly) on the login page they are redirected back to .... the login page! (with a ReturnURL).
Logging in the 2nd time redirects you to the desired home page.
Not really sure what I have done :P but I am confused now.
The other part of my web.config is as follows:
<authentication mode="Forms">
<forms name=".iMedia" loginUrl="index.aspx" defaultUrl="index.aspx" timeout="999" protection="All" path="/" slidingExpiration="True"/>
</authentication>
I would like for unauthenticated users who access a secure page to be redirected to the login page with a ReturnURL.
And to be able to login successfully first time!
Please note that I am not using ASP.NET Membership, but my own database authentication method.
thanks.
ks
I seem to have hit a wall with this one and id be grateful for any help.
I have the following code AFTER a user is authenticated:
If Request.QueryString("Retur
Response.Redirect("main.as
Else
FormsAuthentication.Redire
End If
Without touching the <authorization> section of the web.config I understand that by default you get:
<authorization>
<allow users="*" />
</authorization>
However, if an unauthenticated user attempts to view a page they are NOT redirected to the login page.
Adding the following has a different affect:
<authorization>
<deny users="?" />
</authorization>
The above example has a strange behaviour - it redirects an unauthenticated user to the login page WITH a ReturnURL BUT..........when a user is authenticated (correctly) on the login page they are redirected back to .... the login page! (with a ReturnURL).
Logging in the 2nd time redirects you to the desired home page.
Not really sure what I have done :P but I am confused now.
The other part of my web.config is as follows:
<authentication mode="Forms">
<forms name=".iMedia" loginUrl="index.aspx" defaultUrl="index.aspx" timeout="999" protection="All" path="/" slidingExpiration="True"/>
</authentication>
I would like for unauthenticated users who access a secure page to be redirected to the login page with a ReturnURL.
And to be able to login successfully first time!
Please note that I am not using ASP.NET Membership, but my own database authentication method.
thanks.
ks
ASKER
Hi,
Unfortunately that does not make any difference, the behaviour stays the same.
The problem is that when <deny users="?" /> is included the following redirect does not work 1st time on initial log in:
Response.Redirect("main.as
And if I leave this out, then unauthorized page requests will not be redirected to the login page.
thx.
Unfortunately that does not make any difference, the behaviour stays the same.
The problem is that when <deny users="?" /> is included the following redirect does not work 1st time on initial log in:
Response.Redirect("main.as
And if I leave this out, then unauthorized page requests will not be redirected to the login page.
thx.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi sami,
Thanks for your response.
That appears to be working - i will give you an update after some testing.
Is there anything i need to do with the cookie when signing out?
thanks.
Thanks for your response.
That appears to be working - i will give you an update after some testing.
Is there anything i need to do with the cookie when signing out?
thanks.
If you are using LoginStatus Control .... basically no.
But to be on safer side ...call to these two methods should work.
Session.Abandon()
FormsAuthentication.SignOu
But to be on safer side ...call to these two methods should work.
Session.Abandon()
FormsAuthentication.SignOu
ASKER
Sorry for the late reply, but yes, it seems to be working fine.
Thank you.
Thank you.
If Request.QueryString("Retur
Response.Redirect("main.as
Else
Response.Redirect(txb_User
OR
Response.Redirect(Request.
End If
Since you have already authenticated the user... why even bother dealing with the forms authentication object to redirect your user?
Cheers!