Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Redirect User

Status
Not open for further replies.

Jcarr38

Programmer
Feb 16, 2007
27
US
Okay i've got this code in the web.config below.

Code:
<location path="testpage.aspx">
	<system.web>
		<authorization>
			<allow users="user2, user1"/>
			<deny users="*"/>
		</authorization>
	</system.web>
</location>

My issue is for this testpage.aspx if the user isnt either user 1 or user 2, then i'd like to redirect them to another page BUT i already have this code below for a redirect to the login page but i don't want them to refer back to the login page for this specific testpage.aspx

Code:
<authentication mode="Forms">
	<forms loginUrl="login.aspx"/>
</authentication>


Rather than setting up a role, could i just create an If statement on the testpage.aspx and if so would it be something like this.. I would appreciate any help.

Code:
If request.LogonUserIdentity.....
     Response.Redirect("/")
End If
 
this won't work because authorization is validated before the page is rendered.

have you confirmed this is the result, or you think this will be the result? I ask because users are redirected to the login when they are not logged in. I wasn't aware this would happen if they are logged in but do not have access.

have you tried setting up the CustomErrors to catch an authentication error and redirect to an "Invalid Access" page?

Jason Meckley
Programmer
Specialty Bakers, Inc.
 
No i havent tried that but i know i could do something like this but it's not probably a good way of doing it. Eliminate the web.config code for the page and just put this in the actual page. What do you think?


Code:
If Not Request.LogonUserIdentity.Name = "user1" Or Not Request.LogonUserIdentity.Name = "user2" Then
            Response.Redirect("/")
End If

 
I meant this...

Code:
If Not User.Identity.Name= "user1" Or Not User.Identity.Name= "user2" Then
            Response.Redirect("/")
End If
 
I wouldn't opt for this because now you have security settings scattered throughout the application. I would either opt for the web.config authorization. or roll your own authorization model which is referenced in a base Page class.

why would the user have a link displayed to this page if s/he is not authorized to see it? if you want to use the redirect because they manually type the url, or bookmark the page then an "Unauthorized Access" message/log is appropiate.

Jason Meckley
Programmer
Specialty Bakers, Inc.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top