Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Redirect User

Status
Not open for further replies.
Jcarr38

Jcarr38

Programmer
Feb 16, 2007
27
US
Okay i've got this code in the web.config below.

Code: 
<location path="testpage.aspx">
	<system.web>
		<authorization>
			<allow users="user2, user1"/>
			<deny users="*"/>
		</authorization>
	</system.web>
</location>

My issue is for this testpage.aspx if the user isnt either user 1 or user 2, then i'd like to redirect them to another page BUT i already have this code below for a redirect to the login page but i don't want them to refer back to the login page for this specific testpage.aspx

Code: 
<authentication mode="Forms">
	<forms loginUrl="login.aspx"/>
</authentication>


Rather than setting up a role, could i just create an If statement on the testpage.aspx and if so would it be something like this.. I would appreciate any help.

Code: 
If request.LogonUserIdentity.....
     Response.Redirect("/")
End If
 
Sort by date Sort by votes
this won't work because authorization is validated before the page is rendered.

have you confirmed this is the result, or you think this will be the result? I ask because users are redirected to the login when they are not logged in. I wasn't aware this would happen if they are logged in but do not have access.

have you tried setting up the CustomErrors to catch an authentication error and redirect to an "Invalid Access" page?

Jason Meckley
Programmer
Specialty Bakers, Inc.
 
Upvote 0 Downvote
No i havent tried that but i know i could do something like this but it's not probably a good way of doing it. Eliminate the web.config code for the page and just put this in the actual page. What do you think?


Code: 
If Not Request.LogonUserIdentity.Name = "user1" Or Not Request.LogonUserIdentity.Name = "user2" Then
            Response.Redirect("/")
End If

 
Upvote 0 Downvote
I meant this...

Code: 
If Not User.Identity.Name= "user1" Or Not User.Identity.Name= "user2" Then
            Response.Redirect("/")
End If
 
Upvote 0 Downvote
I wouldn't opt for this because now you have security settings scattered throughout the application. I would either opt for the web.config authorization. or roll your own authorization model which is referenced in a base Page class.

why would the user have a link displayed to this page if s/he is not authorized to see it? if you want to use the redirect because they manually type the url, or bookmark the page then an "Unauthorized Access" message/log is appropiate.

Jason Meckley
Programmer
Specialty Bakers, Inc.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Blueie
  • Locked
  • Question
Often, a user is required to type i
Replies
3
Views
348
jbenson001
jbenson001
koklimabc
  • Locked
  • Question
How to change attributes value of user control in div
Replies
2
Views
100
koklimabc
koklimabc
sharonniles
  • Locked
  • Question
Visual Studio 2013 Login to SQL Server using UserName
Replies
1
Views
108
jbenson001
jbenson001
berkshirea
  • Locked
  • Question
Fullsite redirect from mobile version
Replies
7
Views
105
jbenson001
jbenson001
Help14
  • Locked
  • Question
Guys I am stumped... Novice user here.. gridview edit
Replies
7
Views
76
jbenson001
jbenson001

Part and Inventory Search

Sponsor

Back
Top