Login and Logout Redirection - asp.net

I have a simple Web Forms login. The application has three roles, Admin, Expert and Member. I want to re-direct to a different sub-page for each. I also want to be able to re-direct to home page on logout.
I've asked a similar question here, but the solution overrode the LoginStatus LogoutPageUrl attribute. Can anyone suggest how to do this?
UPDATE 12/28/2012
So far, the only solution to this I have found is to create a new menu page containing security-trimmed links to the different destination pages. Leaving this question open for a while to elicit feedback / alternative solutions...

So far, the only solution to this I have found is to create a new menu landing (destination) page containing security-trimmed links to the different destination pages.
protected void Page_Load(object sender, EventArgs e)
{
    if (User.IsInRole("Admin"))
        adminLink.Visible = true;
    if (User.IsInRole("Member") || User.IsInRole("Admin"))
        questionsLink.Visible = true;
}
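One way to send each role to its own page straight after sign-in, as an added example that is not part of the original post. It assumes a Login control with the ID Login1, the ASP.NET role manager enabled, and landing-page paths that are placeholders; only the role names come from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;
using System.Web.UI;

public partial class LoginPage : Page
{
    // Role -> landing page, checked in order (highest privilege first).
    // Role names are from the question; the paths are assumed.
    private static readonly KeyValuePair<string, string>[] Landing =
    {
        new KeyValuePair<string, string>("Admin",  "~/Admin/Default.aspx"),
        new KeyValuePair<string, string>("Expert", "~/Expert/Default.aspx"),
        new KeyValuePair<string, string>("Member", "~/Member/Default.aspx"),
    };

    // Wire up with OnLoggedIn="Login1_LoggedIn" on the Login control.
    protected void Login1_LoggedIn(object sender, EventArgs e)
    {
        // Page.User is still the anonymous principal during this request
        // (the auth cookie was only just issued), so ask the role provider
        // about the user name that has just authenticated.
        string userName = Login1.UserName;
        foreach (KeyValuePair<string, string> entry in Landing)
        {
            if (Roles.IsUserInRole(userName, entry.Key))
            {
                // Navigation only: the target folder still needs its own
                // authorization rule, since anyone can type its URL.
                Response.Redirect(entry.Value);
            }
        }
        // No known role: fall back to the public home page.
        Response.Redirect("~/Default.aspx");
    }
}
```

Because the redirect happens in the login page's own handler, the LoginStatus control's LogoutPageUrl is left untouched.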

Related

How to do the proper login in a website

I am a newbie creating an ASP.NET web application for my application. I will have different users and I didn't use any special forms or methods to do the login. I have an Access DB, and in there I have some user role, company, username, and password.
In my login page, through text boxes, I will get the company, username and password input by the end user. Then I will check for the company and username (which is the primary key in the table). If the password matches, then I will find the user role and redirect to the pages for each user.
That works fine now.
I have a log out button which is sitting in the site master page and
<div id="logout" runat="server" visible="false" class="navbar-brand1">
    <a id="lo" runat="server" href="/Default">Log Out </a>
</div>
Then in the pages where I want to show the log out I will call the code
Master.FindControl("logout").Visible = true;
It was working fine in respect of logging in and logging out. But in fact the log out button just redirects to the first page on the site, and if we use the back arrow in the browser I can go back to the previous page I was on. Is there any way I can do it neatly so that after log out, even if I go back in the browser, it will ask for login?
Any help will be really appreciated. I made a mistake and created the complete application; now I am worried about this feature, so technically I am not logging out :(
Whenever a user opens a page in the system use below code to check if the session is valid
if (!IsPostBack)
{
    if (Convert.ToString(Session["UserName"]).Length <= 0)
    {
        Response.Redirect("Login.aspx");
    }
}
When the user clicks on SignOut button, make redirection to a SignOut.aspx page. Use below code in the form load event of SignOut.aspx to clear the session.
protected void Page_Load(object sender, EventArgs e)
{
    Session.Abandon();
    Session.Contents.RemoveAll();
    System.Web.Security.FormsAuthentication.SignOut();
    Response.Redirect("Login.aspx");
}
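The session check from this answer, moved into a shared base class and combined with cache headers, as an added example that is not part of the original answer. The class name AuthenticatedPage is hypothetical; Session["UserName"] and Login.aspx follow the answer above. Without the cache headers the browser's Back button can redisplay a stored copy of a protected page after sign-out without contacting the server at all.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical base class: every page behind the login inherits from it
// instead of System.Web.UI.Page.
public class AuthenticatedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        // Ask the browser and any proxy not to keep a copy of this response,
        // so Back after sign-out triggers a fresh request instead of
        // replaying the old page from cache.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));

        // Run on every request, postbacks included: a postback from a page
        // left open after sign-out must be rejected as well.
        if (string.IsNullOrEmpty(Session["UserName"] as string))
        {
            Response.Redirect("~/Login.aspx");
        }
        base.OnInit(e);
    }
}
```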
Well, your question is how to do the proper login.
The proper way is not to reinvent the wheel, but to use the framework that is built into ASP.NET:
https://msdn.microsoft.com/en-us/library/ms731049%28v=vs.110%29.aspx
It will give you a lot of extra features, like using OpenAuth etc.
Example:
https://msdn.microsoft.com/en-us/library/aa354509%28v=vs.110%29.aspx
As @Chathuranga Ranasinghe mentioned, I used a session variable to store the username details, and I will check if the session variable is empty, then go to my default page, otherwise continue.
// Redirect when the session holds no user identifier.
if (string.IsNullOrEmpty((string)Session["iden"]))
{
    Response.Redirect("/Default.aspx");
}
I used this on the pages that come after login and it works fine for me now.

Checking user authentication in Page_Load()... anywhere else?

For each page in my ASP.Net WebForms app I check the user's access like this:
protected void Page_Load(object sender, EventArgs e) {
    if (!UserCanAccessPage())
        RedirectToAccessNotPermitted();
    // < if user has access, set up the page >
}
My question is, is that single check enough or should I check at all other handlers:
protected void seriousDeleteButton_Click(object sender, EventArgs e) {
    // ** DO I NEED TO CHECK ACCESS AGAIN HERE? **
    // < do stuff that only some users have access to >
}
I know under a normal page lifecycle the Page_Load() should always be called before the event handlers, but I'm wondering if there's a tricky way to hit other ASP.NET endpoints with curl or mucking around with javascript or something.
(I'm only talking about regular WebForms-style postbacks, no explicit AJAX stuff. But of course UpdatePanel uses asynchronous JavaScript and I'm sure other controls do too.)
Yes, it is enough, because Page_Load will be called every time a user requests a new page or posts back the page. You do not need to check again in button click events.
However, it is fine with a website with a couple of pages. In other words, if you have multiple pages, maintenance will be a nightmare.
Normally, you want to use Forms Authentication, and restrict access to pages by using web.config.
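The Page_Load check protects the click handler only when the redirect actually stops the request. The following added example (not part of the original thread) shows the detail that decides this; the bodies of UserCanAccessPage and RedirectToAccessNotPermitted, the role name and the page path are assumptions, since the question does not show them.

```csharp
using System;
using System.Web.UI;

public partial class SeriousPage : Page
{
    // Stand-in for the question's UserCanAccessPage(); the role is assumed.
    private bool UserCanAccessPage()
    {
        return User.Identity.IsAuthenticated && User.IsInRole("Admin");
    }

    private void RedirectToAccessNotPermitted()
    {
        // endResponse: true aborts the request here, so no control event
        // (such as seriousDeleteButton_Click) runs afterwards. With false,
        // the page lifecycle continues and the click handler still fires
        // for a forged or replayed postback.
        Response.Redirect("~/AccessNotPermitted.aspx", true);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!UserCanAccessPage())
            RedirectToAccessNotPermitted();
        // < if user has access, set up the page >
    }

    protected void seriousDeleteButton_Click(object sender, EventArgs e)
    {
        // Cheap second check: keeps the action safe even if someone later
        // changes the redirect above or moves this handler to another page.
        if (!UserCanAccessPage())
        {
            RedirectToAccessNotPermitted();
            return;
        }
        // < do stuff that only some users have access to >
    }
}
```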

How to track http referrer across post back?

I have a page in my website that can be reached from several other pages. On this page I have a cancel button and when people click that I would like to execute some code on the server and then redirect back to the page they came from.
I was trying to do this by referencing Request.UrlReferrer, but once a post back occurs, this is set to the current page.
I have come up with a workaround using session state:
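protected void Page_Load(object sender, EventArgs e)
{
    if (!Page.IsPostBack)
    {
        // UrlReferrer is null when the browser sends no Referer header.
        if (Request.UrlReferrer != null)
            Session["referrer"] = Request.UrlReferrer.AbsoluteUri;
    }
}

protected void btn_Cancel_click(object sender, EventArgs e)
{
    // Some other code and then the line below.
    // Session values are objects, so cast; the fallback path is a placeholder.
    Response.Redirect((string)Session["referrer"] ?? "~/Default.aspx");
}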
But I'm curious if there is a more graceful way to do this without using session state. Can anyone suggest a better solution for this?
The UrlReferrer is not safe to be used for returning back on cancel, because many users can either choose to block it (and not give information about where they have come from), and also I have sometimes seen that malicious programs place their spam sites there.
The correct way is to use a parameter on the URL that tells your page where to return on cancel, e.g.:
http://www.yoursite.com/callpage.aspx?ref=/signin/
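A return path taken from the query string is caller-controlled, so it should be confirmed to point back into the same site before it is passed to Response.Redirect. The following is an added example, not part of the original answer; the `ref` parameter name comes from the URL above, while the ReturnUrl helper, the CallPage class and the fallback page are hypothetical.

```csharp
using System;
using System.Web.UI;

// Hypothetical helper: accepts only a root-relative path on this site.
public static class ReturnUrl
{
    public static string Resolve(string candidate, string fallback)
    {
        // Empty, relative, or carrying a scheme/host ("https://...").
        if (string.IsNullOrEmpty(candidate) || candidate[0] != '/')
            return fallback;

        // "//host" and "/\host" are read by browsers as another site.
        if (candidate.Length > 1 &&
            (candidate[1] == '/' || candidate[1] == '\\'))
            return fallback;

        // CR/LF and other control characters have no place in a path
        // and can be used to tamper with the Location header.
        foreach (char c in candidate)
        {
            if (char.IsControl(c))
                return fallback;
        }
        return candidate;
    }
}

public partial class CallPage : Page
{
    protected void btn_Cancel_click(object sender, EventArgs e)
    {
        // ... server-side cancel work ...

        // Request.QueryString returns the value already URL-decoded.
        string target = ReturnUrl.Resolve(Request.QueryString["ref"],
                                          "~/Default.aspx");
        Response.Redirect(target);
    }
}
```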

Response.Redirect is redirecting to a page that doesn't exist

I'm doing a simple check for some user data that gets put into session on sign in. What happens is, I click through a few buttons to get to this page. This page has a drop-down that is set to autopostback=true.
When I change my selection in the drop-down, my request gets redirected to a page that doesn't exist. signin.aspx exists in the root folder of the site. The attempted redirect looks for signin in the folder that this particular page is in (example.com/folder1/signin.aspx) instead of example.com/signin.aspx.
Should I be using something other than Response.Redirect to accomplish this?
Side note about the application:
This is .net 4 using jquery 1.6.4 and jquerymobile 1.0. I'm thinking jquery mobile is the problem because I use this same pattern/practice on other applications without issue.
Location of page where this is happening.
example.com/folder1/page2.aspx
location of sign in page: example.com/signin.aspx
url that displays in the error. example.com/folder1/signin.aspx
protected override void OnInit(EventArgs e)
{
    if (Session["UserData"] == null)
    {
        Response.Redirect("../SignIn.aspx");
    }
}
You should always use asp.net style root-relative paths:
Response.Redirect("~/SignIn.aspx");
That makes the URL relative to your site's root (not the web root unless your site is the web root), but still allows the site to be moved around.
jquery wouldn't be affecting a server side response.redirect. Are you sure that the page exists as it's being set in your code? If signin.aspx is in the root of the website, could you not simply do this?
Response.Redirect("/SignIn.aspx");
Try This
protected override void OnInit(EventArgs e)
{
    if (Session["UserData"] == null)
    {
        Response.Redirect("~/SignIn.aspx");
    }
}

Managing page sequence

In an ASP.NET 3.5 site we have a relatively standard payment checkout process that contains a number of pages that need to be visited in sequence (shopping basket, payment details etc.)
Each page has a "Continue" button that redirects to the next page in the sequence.
I would like a way of managing the page sequence so that:
I can have a Master page that defines the "Continue" button and its code-behind OnClick event handler
If the user attempts to visit a page out of sequence (by typing the URL directly into their browser, for example) they get redirected to the correct page
This page sequence is nicely defined in one place in my code (in an enum for example)
Why not use the ASP.NET Wizard control?
Alternatively (and I haven't tried it so I can't say how well it works), you could use Windows Workflow to define a sequential workflow and let that control the order pages come up in. There's an article at http://www.devx.com/dotnet/Article/34732 that takes you through doing it this way.
Check the HttpRequest.UrlReferrer variable in each Page_Load method...
http://msdn.microsoft.com/en-us/library/system.web.httprequest.urlreferrer.aspx
... and don't forget to check for nulls! You can bounce them to where they are supposed to be, based on where they came from.
protected void Page_Load(object sender, EventArgs e)
{
    if (!IsPostBack)
    {
        // UrlReferrer is null when no Referer header was sent.
        if (Request.UrlReferrer != null)
            Session["PreviousPage"] = Request.UrlReferrer.ToString();
        // ...
    }
    else
    {
        // ...
    }
}
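The Referer header is supplied by the browser and can be absent or altered, so a sequence that must be enforced is better tracked on the server. The following added example (not from the original thread) keeps the sequence in one enum, as the question asks, and records progress in session state; the step names, URLs, session key and the CheckoutPage base class are all assumptions.

```csharp
using System;
using System.Web.UI;

// The whole sequence lives here; step names and URLs are assumed.
public enum CheckoutStep { Basket = 0, Delivery = 1, Payment = 2, Confirm = 3 }

// Hypothetical base class for every checkout page.
public abstract class CheckoutPage : Page
{
    private static readonly string[] Urls =
    {
        "~/Checkout/Basket.aspx", "~/Checkout/Delivery.aspx",
        "~/Checkout/Payment.aspx", "~/Checkout/Confirm.aspx"
    };

    // Each concrete page states which step it is.
    protected abstract CheckoutStep Step { get; }

    // Furthest step this visitor has earned, kept server-side in session
    // so it cannot be altered from the browser.
    private CheckoutStep Reached
    {
        get
        {
            object o = Session["CheckoutReached"];
            return o is CheckoutStep ? (CheckoutStep)o : CheckoutStep.Basket;
        }
        set { Session["CheckoutReached"] = value; }
    }

    protected override void OnInit(EventArgs e)
    {
        // Typed-in URL for a later step: send the visitor back to the
        // furthest step they are allowed to see.
        if (Step > Reached)
            Response.Redirect(Urls[(int)Reached]);
        base.OnInit(e);
    }

    // Called by the master page's Continue handler once the current
    // page's input has validated: ((CheckoutPage)Page).Continue();
    public void Continue()
    {
        if (Step == CheckoutStep.Confirm) return;   // last step, nothing follows
        CheckoutStep next = Step + 1;
        if (next > Reached) Reached = next;
        Response.Redirect(Urls[(int)next]);
    }
}
```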
