Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Forms Authentication Redirect to default.aspx

Status
Not open for further replies.

flyclassic22

Technical User
Oct 1, 2002
54
SG
hi, i'ved created a membership page with asp.net (not with membership roles)

In my login.aspx

i've 2 textbox (password and username)and 1 button to login:

protected void Button1_Click(object sender, EventArgs e)
{
if (Page.IsValid) {

if(authenticateUser(usernameTXT.Text.Trim(),passwordTXT.Text.Trim())){


FormsAuthentication.RedirectFromLoginPage(usernameTXT.Text.Trim(), false);

}
else{

loginLabel.Text = "Error logging in with your username and password, please check and try again.";
}



}

Everything worked well. So i put a line in all the aspx pages(eg, shoppingcartcheckout.aspx) that a member can access in the pageload:

if (User.Identity.IsAuthenticated)
{
...do whatever here
}
else{
Response.Redirect("login.aspx")
}

I've a scenario here
Whenever i try to access shoppingcartcheckout.aspx without login, it prompts me to login.aspx... which is what i wanted, but after i successfully login, it redirects me to Default.aspx. I want to go back to that shoppingcartcheckout.aspx instead of Default.aspx and i've go and click shopping cart> checkout again..

Any help,?
 
hi,

why are you checking for authentication in each page? forms authentication does just that...

Known is handfull, Unknown is worldfull
 
by default forms authentication protects page from direct access. so the snippet code that you had added is not required at all...

Known is handfull, Unknown is worldfull
 
you mean i don't have to check for my other pages ?

but if i would like to display a portion which only members can see in the page, how do i do it?
i am using if(User.Identity.isAuthenticated) for everypage load now, i am doing the wrong way?
 
>>but if i would like to display a portion which only members can see in the page, how do i do it?


hmm, so you want to protect only a part of the page?

why not use IFRAMES? what you could do is add all protected into a special directoty. you can protect these files using FilesAuthentication.

when they are opened in the IFRAME, it will check for the authentication, by default it will not be there. therefore the IFRAME page will by default direct to the page that you request (which could well be a page that says "You need to be authenticated to view this content")...

Known is handfull, Unknown is worldfull
 
no, i can't do that.. can anybody else explain to me about forms authentication.. does that mean that now all my .aspx files are already protected by default.? but this isn't true because i can still view these files without login..(if i dun check for (if(User.Identity.isAutheticated) in page load..
 
Is this resolved?

Can you please explain this to me too? I have read all over that I need that piece of text in all my pages.

What's the set up? How is this done if the site is public?

 
You have to update the web.config to specify which pages are protected.

In web.config (in <system.web>)
Code:
<authentication mode="Forms">
   <forms name="LoginAuth" loginUrl="~/login.aspx" timeout="20" cookieless="UseCookies" />
</authentication>

In web.config (outside <system.web>)
Code:
<location path="shoppingcartcheckout.aspx">
   <system.web>
      <authorization>
         <deny users="?" />
      </authorization>
   </system.web>
</location>

This will automatically redirect anonymous users to login.aspx if they try to access shoppingcartcheckout.aspx.

In your login page, once they are successfully logged in, redirect back to the original page like this:

Code:
Response.Redirect(FormsAuthentication.GetRedirectUrl(theirUserName, false), true);

There are a couple of other ways, but this is how I typically do it.



Ron Wheeler
Tekdev Open Source Development
 
ok so we have 2 web.config forms.
The first one is this, and we'll call it A.

"<authentication mode="Forms">
<forms name="LoginAuth" loginUrl="~/login.aspx" timeout="20" cookieless="UseCookies" />
</authentication>
"

The other one is this,we'll call it B.

"<location path="shoppingcartcheckout.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
"

The A web.config will be placed in the root directory where your default.aspx resides.

The B web.config is placed in your protected folder where your secret aspx files are.

Then in your login page, you write some codes to validate user name and password. Once the user and pass is validated against your database or whatever, you call the
Asp.net "FormsAuthentication" to let it know that this person checks out ok. And then Asp.net will create a cookie and keep track of the user automatically.
There is also a logout function that you need to add to your page.
Ex.

if(user=="jack" && pass=="jill")
{

FormsAuthentication.RedirectFromLoginPage(usernameTXT.Text.Trim(), false);

}

 
Oops, I forgot to ask my own questions.

heres a scenerio, I type in the url to the protected page without logging in so it brings me to the login page.
Once I login successfully, it brings me to the page I that I originally requested with this method,"RedirectFromLoginPage".

My question is, suppose I dont want my user to go back to the original request page and instead, I want it to redirect the user to yahooo.com. How would I do that?
 
Instead of redirecting like you do in your example, you would just redirect to yahooo.com.

Code:
if(user=="jack" && pass=="jill")
{
   Response.Redirect("[URL unfurl="true"]http://www.yahooo.com");[/URL]
}

Ron Wheeler
Tekdev Open Source Development
 
hmm.. thanks behindthepipe..
What if i've another login page ,say adminlogin.aspx which uses another function and access another table for checking ,just for admininstrator? How do i include it in the web.config?coz one already exist together with the location path as well ?
 
flyclassic22 ,

In asp.net 2.0, theres a new feature called Profiles/roles.
Once a user is validated, it checks to see what type of roles or rights that a user have. E.g, if they are admin then they have they own customize pages with admin functions, ect.
I dont have great knowledge on this new topic yet,too lazy to read the chapter. Maybe someone here with a better understanding can give you a tutorial.

You could have asp.net check what type of priviledge the user (in table) has at the time of password checking. Base on that you can load different page.

Or create an admin directory and add just another one of these

<location >
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top