Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 255
  • Last Modified:

url redirect

I have a redirect that sends people to the loging page if they haven't logged in yet or their login session variable is null or = 0

But...lets sya they have a page in favorites...or anywhere for that matter and they paste it into the browser...

How do I do a redirect to THAT page on login instead og login>home.aspx?
0
lrbrister
Asked:
lrbrister
  • 5
  • 5
  • 2
  • +2
1 Solution
 
guru_samiCommented:
You should use FormsAuthentication and deny anonymous user access to your site.
This has to be done in your root web.config.

What kind of authentication your are using ...any more info?
0
 
mohan_sekarCommented:
You cannot unless the page is static...meaning, the page doesn't require any authentication.
0
 
lrbristerAuthor Commented:
Hey guys...

This is the authentication info in the web.config

<authentication mode="Forms">
      <forms name="Login" loginUrl="Default.aspx" protection="All" path="/" timeout="30" cookieless="UseCookies" />
    </authentication>
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
guru_samiCommented:
Add this to your web.config
<authorization>
<deny users="?"/>
</authorization>

This will force everyone who is not logged-in to go to your loginUrl="Default.aspx"
0
 
crazymanCommented:
Your login url will have a querystring parameter passed in called ReturnURL.

After auth you can call FormsAuthentication.RedirectFromLoginPage to redirect to originally requested page.

http://msdn.microsoft.com/en-us/library/ka5ffkce.aspx
0
 
M3mph15Commented:
Hi,

Check for the login session variable. If there isnt one (or null) save the url of the page they are currently at into another session variable.

Then when they log in check for that second session variable containing the url. If it exists then redirect to that page, if not redirect to home.aspx.

HTH
-M3mph15
0
 
lrbristerAuthor Commented:
M3mph15:
How do I save the url of the page they are at?
0
 
guru_samiCommented:
can you share the code where you are authenticating the user and redirecting them to home page.
Are you using asp.net Login control ? If so share the markup for that control as well.
0
 
lrbristerAuthor Commented:
guru_sami:
I have the web.config code above.  Anyone that clicks on a saved link gets redirected to Default.aspx if their session("logged") isn't = 1

What I want is a method so that if someone saves "http://www.mydomain.com/memberHome.aspx" in their favorites...

They click on that and when the page loads...capyures that links url and saves as Session("fromUrl")

Once they login I'll simply have them redirected to that url...if it exists...or to the default home page if it doesn't exist.
0
 
guru_samiCommented:
Yes...I understand the problem...but looks we need to know how you are setting FormsAuthentication Cookie and why the FormsAuthenticaiton is redirecting you to defaultUrl and not the ReturnUrl.
So if you can share your authentication code and Login Markup(if using login control) we might get more idea to help you solve the problem.
0
 
M3mph15Commented:
Dim url As String = Request.Url.ToString
Session.Add("Redir", url)
0
 
lrbristerAuthor Commented:
Ok folks...per guru_sami

When anyone comes to our site they arte automatically redirected to the login page...

See the attached snippets...
--PAGE LOAD EVENT--
Protected Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        If Not IsPostBack Then
            lblMessage.Visible = False
            If Not IsPostBack Then
                If Not Request.Cookies("InfinityUserName") Is Nothing Then
                    strUserName.Text = Request.Cookies("InfinityUserName").Value.ToString
                    cbRememberMe.Checked = True
                    strPassword.Focus()
                Else
                    strUserName.Text = ""
                    cbRememberMe.Checked = False
                    strUserName.Focus()
                End If
 
 
            End If
        End If
    End Sub
 
--Bottom of login click---
Session("IndividualLevelType") = I.IndividualLevelType
                Session("IndividualLevelTypeCode") = I.IndividualLevelTypeCode
                Session("IndividualLevelTypeID") = I.IndividualLevelTypeID
                Session("LanguageTypeID") = I.LanguageTypeID
                Session("ExternalID") = I.ExternalID
                Session("DefaultHotel") = I.DefaultHotel
                Session("FirstName") = I.FirstName
                Session("LastName") = I.LastName
                Session("EmailAddress") = I.EmailAddress
                Session("DateAdded") = I.DateAdded
                Session("MemberSinceMonths") = I.MemberSinceMonths
 
                Dim ex As New Experiences
                ex.SelectExperiencesCommaRemoveIndividual(0, "", 0, "1", Session("IndividualExperienceID"))
                Session("ExperienceIDComma") = ex.ExperienceIDComma
 
                If cbRememberMe.Checked Then
                    Dim c As New HttpCookie("InfinityUserName", Trim(strUserName.Text))
                    c.Expires = DateTime.Now.AddYears(1)
                    HttpContext.Current.Response.Cookies.Add(c)
                Else
                    Dim c As New HttpCookie("InfinityUserName", strUserName.Text)
                    c.Expires = DateTime.Now().AddYears(-2)
                    Response.Cookies.Add(c)
                End If
 
                If ResetPassword = True Then
                    Response.Redirect("RegistrationWelcome.aspx")
                Else
                    Response.Redirect("MemberHome.aspx")
                End If

Open in new window

0
 
guru_samiCommented:
Looks your application is not taking full advantage of FormsAuthentication.
1: Adjust your authentication and authorization sections in web.config to look like this:

<authentication mode="Forms">
      <forms name="Login" loginUrl="Default.aspx" defaultUrl="MemberHome.aspx" protection="All" path="/" timeout="30" cookieless="UseCookies" />
    </authentication>
<authorization>
<deny users="?"/>
</authorization>

2: Now say we don't want to break you current working application. So we will simply add FormsAuthenticationCookie(FAC) without removing any of your code. Once thats working we can make adjustment to remove some of your code that would be redundant due to addition of FAC.

If cbRememberMe.Checked Then
                    Dim c As New HttpCookie("InfinityUserName", Trim(strUserName.Text))
                    c.Expires = DateTime.Now.AddYears(1)
                    HttpContext.Current.Response.Cookies.Add(c)
                Else
                    Dim c As New HttpCookie("InfinityUserName", strUserName.Text)
                    c.Expires = DateTime.Now().AddYears(-2)
                    Response.Cookies.Add(c)
                End If
                 ------Adding FormsAuthenticationCookie-------
            Dim username As String      = strUserName.Text    'your username text
            Dim issuedDate As DateTime =  DateTime.Now  'cookie issued date
            Dim expirationDate As DateTime = DateTime.Now.AddMinutes(30), 'ExpirationDate
            Dim isPersistent As Boolean = cbRememberMe.Checked  'Remember Me Checkbox value
            Dim userData As String = "UserData"  'could be anything or even String.Empty

   
      Dim ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
        username, _
        issuedDate , _
        expirationDate, _
        isPersistent, _
        userData, _
        FormsAuthentication.FormsCookiePath)

      ' Encrypt the ticket.
      Dim encTicket As String = FormsAuthentication.Encrypt(ticket)

      ' Create the cookie.
      Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, encTicket))

    ------End of FAC--------------
   ----Some modification in below redirect check ------
                If ResetPassword = True Then
                    Response.Redirect("RegistrationWelcome.aspx")

-----Check if ReturnUrl is not null then redirect them to their requested page

                Else If Request.Params("ReturnUrl") IsNot Nothing Then
                    Response.Redirect(Request.Params("ReturnUrl").ToString )
               Else
                    Response.Redirect("MemberHome.aspx")
                End If

Now set breakpoints while you debug and let us know the result.
Ref:
http://msdn.microsoft.com/en-us/library/system.web.security.formsauthenticationticket.aspx
0
 
lrbristerAuthor Commented:
Great!  Thanks
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 5
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now