Return URL concept in ASP.NET - asp.net

My requirement is this. whenever i would not be login in my site then never access a web page. but the url added after the login page url means (return url) and after successful login into my site the page redirect to same page which i have to access and entered into address bar.
Example: i have to access page http://localhost:14334/User/userdetail.aspx without login. the page returns to me on http://localhost:14334/Login.aspx. but i want that the page returns to me on http://localhost:14334/Login.aspx?ReturnUrl=%2fUser%2fuserdetail.aspx

Sounds like all you are missing is the call to redirect:
FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked);
See this for more information - http://msdn.microsoft.com/en-us/library/ka5ffkce.aspx

The return URL in the ASP.NET login page returns to the location upon a successful login, if the default ASP.NET template is not modified.

Related

Using FormsAuthentication in asp.net to redirect on unprotected page

I have a weird scenario. I have forms authentication working properly. My protected pages are in a folder and if I navigate to them I get redirected to the login page with a return URL in the querystring. So far so good. BUT I have one page that is a search results page. The requirement is that the page hide some of it's data if the user is not logged in, but the rest of the page is viewable as normal.
I did some trickery to hide panels with the authenticated only data, works fine. The issue I have is that if the user goes through the search process (which is multi-step) and after seeing the results wants to log in, they would have to click a login link at the top of the page. This will load the login page WITHOUT a return url. After all, the user clicked a link to a new page (the login page). After submitting the login info, the referrer is now wrong (it would be the current login page).
So without messing up the FormsAuthentication system that works so well for protected folders, how can I return a user to the last place they were after they choose to login on their own (from a non-protected page). I realize that this is not a flaw in FormsAuthentication and the solution might not have anything to do with that at all, just wanted some options. Any suggestions?
You can use this
Request.UrlReferrer.ToString();
It will give you the previous page url.
Edit 1
Here is a similar question on SO
Finding previous page Url
Edit 2
public Page PreviousPage { get; }
Here is msdn link
http://msdn.microsoft.com/en-us/library/system.web.ui.page.previouspage.aspx?cs-save-lang=1&cs-lang=csharp#code-snippet-1

Caching anonymous page with redirect if user is authenticated

I would like to use page caching for our asp.net mvc site's landing page. This page is accessible to anonymous users only. If the user is logged in however, I would like this page to redirect to the user home page which is authenticated.
The problem is that if I cache the landing page, a logged in user can still access this page because it is cached on their browser.
Obviously a meta refresh header if the user is authenticated will also not work because the page will cache without the header in the first place.
Is there any way to cache the landing page but also redirect if the user is logged in, without using query params, or is conditional GET the only way to do this?
You could use the OutputCacheAttribute, with the VaryByCustom parameter.
If you set it to something like "IsAuthenticated" and then define the GetVaryByCustomString method in your Global.asax file, and return a string of "True" or "False" depending on if the user is authenticated or not perhaps.
In fact, the following Blog Post answers your exact question: Read This

ASP.NET Cookieless Forms Auth not setting cookie when Login page is bookmarked

Our ASP.NET 4.0 application's forms authentication is set to cookieless="AutoDetect." I've noticed that if a user bookmarks our login page, the bookmark link is set to https://hostname.com/Login.aspx?AspxAutoDetectCookieSupport=1. If a user navigates to this directly from a new browser session and performs a valid login, the cookie is not set. If I navigate directly to that page, bu remove AspxAutoDetectCookieSupport from the query string, the cookie is created correctly.
If a user navigates directly to Default.aspx or the root directory, login functions correctly, even with AspxAutoDetectCookieSupport=1 tacked on to the query string.
When the user clicks the login button, we do a postback to the login page and manually check the users credentials against our database. If successful, we do:
FormsAuthentication.RedirectFromLoginPage(userName, false);
I've spent many hours debugging this, including looking at the ASP.NET forms authentication code in the reference source, and haven't been able to determine what is causing this. The only solution we have at the moment is telling users to remove the Login page from their bookmark URL and adding a bookmark button on our Login page for users to click.
Is there another solution to fix this forms authentication issue? Is it a but in forms authentication?
The problem here is that you are always using the RedirectFromLoginPage, whether or not the redirect location is provided. If it is not provided, then the redirect will fail. A proper solution to this would be to check the redirect url and redirect to the default.aspx if it is not available (source example borrowed from this blog article):
// Once the user's entered credentials are verified //
if(Request.Params["ReturnUrl"] != null)
{
FormsAuthentication.RedirectFromLoginPage(txtUserName.text, false);
}
else
{
FormsAuthentication.SetAuthcookie(txtUserName.text, false);
Response.Redirect("Default.aspx");
}

I have a Login Control.Even after successful Login it does not redirects to destination page

I have a ASP.NET Login Control with Forms authentication.Even after successful Login it does not redirects to destination page.But it uses returnURL and stays at same Login page.How to make Login Control to redirect to specified destination page?
If you haven't done so already, I think you just need to set the default url in the forms tag (web.config like so)
<forms loginUrl="blablabla.aspx" defaultUrl="YourDefaultPage.aspx" />
Give it a go and let us know how you get on.

ASP.NET: directing user to login page, after login send user back to page requested originally?

I am trying to manually implement a login system in ASP.NET 3.5. Basically, on load, I would like the site to check and see if user object is active, if not, than I want the login page to appear.
After user has logged in successfully, I would like the user to be able to access the same page he has requested originally.
for example:
user request to: MyPage.aspx - not logged in
login page appears instead of MyPage.aspx
user logs in successfully
MyPage.aspx appears instead of Default.aspx for example
Peering at the System.Net namespace, I see that there is an "HttpWebRequest Class" which has a "HttpWebRequest.AllowAutoRedirect Property" but am unsure how that would get me back from the login page.
NOTE: I know there are automatic authentication systems setup in ASP.NET, but I would like to have manual control over the database.
-- Tomek
What you could do, if you don't want to actually use the built in Forms Authentcation is:
Check if the user is authenticated on each page you want to hide from anonymous users. If they are not authenticated, redirect them to your login page with the URL in the query string.
if(!HttpContext.Current.User.Identity.IsAuthenticated) {
Response.Redirect(~/login.aspx?redirect=this_page.aspx");
}
Then on your login page, after a user logs in. Check the query string to see if there is a redirect parameter.
if(!String.IsNullorEmpty(Request.QueryString["redirect"]) {
string url = ResolveClientURL(redirect);
Response.Redirect(url);
}
Of course this is all built into .NET using Authentication, where you can deny anonymous access to certain directories, and when you do that, .NET will redirect to your login page (which is set in the web.config) and will include a "ReturnURL=blahblah" on your login page.
Just an FYI.
Just save the originally requested url in Session or a hidden field on the login page
After successful login, use Server.Transfer or Response.Redirect to jump to that page.
It looks like another method is described here. It seems that you can use the following object to return from the login page:
FormsAuthentication.RedirectFromLoginPage
Yet, according to the article, the better method is to use what JackM described, but with an overload:
Response.Redirect("~/default.aspx", false);
In doing so, you prevent the Session from ending when the page is redirected.

Resources