sglew
asked on
Login pop-up troubles
Hello,
I have been tasked with making sure our website login page runs through HTTPS. How the site works is no matter what page you are on you can click the login link, a pop-up modal box opens front and center with login form (login.aspx). Once you login that box goes away and the user is taken back to the page they were on as an authenticated user. This process works just fine, until I throw HTTPS in the way.
What I did on the login.aspx.cs page_load event was added:
if (!Request.IsSecureConnecti on)
{
Response.Redirect(Request. Url.Absolu teUri.Repl ace("http://", "https://"));
}
This part seems to work fine, once the login pop-up comes up I know it's now in HTTPS and the login function works fine...however the login box doesn't go away any longer. The form goes away but there is the background of login.aspx still sitting there. Here is the code that seemingly is supposed to make that pop-up disappear (also i have screen capture attached):
Response.Write("<script>wi ndow.paren t.$eSite(' #divLoginI frame').mo dalHide(); if(window. parent.loc ation.toSt ring().ind exOf(\"act ivateuser. aspx\") >0){window.parent.location = '/default.aspx';}else{wind ow.parent. location = window.parent.location;}</ script>");
I'm pretty sure I know what the problem is, but I don't know how to fix it. The very last else it's setting the parent location (which should be the original page that called up the login), however my code to redirect to HTTPS I believe is changing that value and it's just trying to call itself as the parent location thus causing that frame to stay up and not go back to the original page. I don't want to hard-code a parent location because I would like it to return back to the page the customer was on.
Any ideas how I can make this work? I'm not big into Javascript so I'm not sure if something like this is easy or not.
Thanks,
Joe
image.jpg
I have been tasked with making sure our website login page runs through HTTPS. How the site works is no matter what page you are on you can click the login link, a pop-up modal box opens front and center with login form (login.aspx). Once you login that box goes away and the user is taken back to the page they were on as an authenticated user. This process works just fine, until I throw HTTPS in the way.
What I did on the login.aspx.cs page_load event was added:
if (!Request.IsSecureConnecti
{
Response.Redirect(Request.
}
This part seems to work fine, once the login pop-up comes up I know it's now in HTTPS and the login function works fine...however the login box doesn't go away any longer. The form goes away but there is the background of login.aspx still sitting there. Here is the code that seemingly is supposed to make that pop-up disappear (also i have screen capture attached):
Response.Write("<script>wi
I'm pretty sure I know what the problem is, but I don't know how to fix it. The very last else it's setting the parent location (which should be the original page that called up the login), however my code to redirect to HTTPS I believe is changing that value and it's just trying to call itself as the parent location thus causing that frame to stay up and not go back to the original page. I don't want to hard-code a parent location because I would like it to return back to the page the customer was on.
Any ideas how I can make this work? I'm not big into Javascript so I'm not sure if something like this is easy or not.
Thanks,
Joe
image.jpg
why not always use HTTPS, so configure IIS to redirect the user starting with HTTP?
ASKER
Hi,
That is definitely an option, but it seems to be overkill having the entire site running HTTPS 24x7x365. Not really the solution I was looking for.
Thanks,
Joe
That is definitely an option, but it seems to be overkill having the entire site running HTTPS 24x7x365. Not really the solution I was looking for.
Thanks,
Joe
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks so much! I will check that possibility.
ASKER
Hello,
Found it was a cross-domain issue, was able to get around it.
Thanks for the suggestion.
Joe
Found it was a cross-domain issue, was able to get around it.
Thanks for the suggestion.
Joe