Ask a Question related to ASP.NET Security, Design and Development.
-
Tim_Mac #1
Solution to Forms Authentication redirecting to bogus default.aspx page with RedirectFromLoginPage
hi,
i've read a lot of posts here about people who ran into problems using
forms authentication, and the RedirectFromLoginPage() method, which
always redirects to a default.aspx. this is a big problem if you use
sub-folders that don't have a default.aspx page, as in my case.
i read some posts that suggested manually Response.Redirecting the user
to the url in the querystring, but actually this is incorrect because
Forms Auth puts the default.aspx in that querystring even if the user
wasn't at a page called default.aspx.
i put together a simple solution to get the redirecting to work
properly, and would like to post it here for future reference:
1. the Login page (Login.aspx) must be set up to read the
HTTP_Referrer, and add it to the ViewState in the first Page_Load on
that page.
2. in the btnLogin_Click event on Login.aspx, the SetAuthCookie() event
should be called, and the user should be Response.Redirected to the
referrer value in the viewstate.
Here is sample code:
*****************
Login.aspx
*****************
private void Page_Load(object sender, System.EventArgs e)
{
if(!IsPostBack)
ViewState["originalUrl"] = Request.UrlReferrer.AbsoluteUri;
}
private void btnLogin_Click(object sender, System.EventArgs e)
{
string originalUrl = ViewState["originalUrl"];
if(originalUrl == null || originalUrl == "") // in case the viewstate
is corrupt, use default.aspx by 'default'
originalUrl = "default.aspx";
// do your password checking here
// if it's all ok then...
FormsAuthentication.SetAuthCookie(username, false);
Response.Redirect(originalUrl, true);
}
Tim_Mac Guest
-
Forms Authentication - Not timing out, not redirecting.
Hi, I've come across this scenario in ASP.NET 1.1 with forms authentication where the forms auth doesn't seem to timeout correctly, nor redirect to... -
Redirecting anon users - Forms or Windows Authentication
I have an Intranet site that I'm trying to work out some authentication issues on. Eventually, I want all of our domain users to add the url for the... -
RedirectFromLoginPage not redirecting
I'm attempting to use Forms/Roles based authentication and authorization. A subdirectory's web.config allows only "Admin" roles and it does kick... -
Security alert when redirecting the user from aspx to asp page
Hi, I get a security alert when I redirect a user from aspx page to asp page. Both the pages are present on the same web site and Https is... -
redirecting from .aspx page to .asp page
There is no great way to share session state between ASP and ASP.NET. But that doesn't mean you don't have options. Here are some common ways:... -
Subrata K #2 Re: Solution to Forms Authentication redirecting to bogus default.aspx page with Redi
what u suggest is correct but if anyone want to use the same code, see the following soln.
FormsAuthentication.RedirectFromLoginPage will redirect to the default page specified in your <forms defaultUrl> tag in your web.config file; so u just modify <forms defaultUrl="someother.aspx"> in web.config and it automatically redirect into someother.aspx page.
Regards,
Subrata KSubrata K Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
