Can forms authentication ignore returnUrl - asp.net

Is there an easy way to get forms authentication to ignore the returnURL?
So the user clicks a link, the site times out, they get redirected to my login page (which appends ReturnUrl to the URL) - I don't want this to happen, or for it to be ignored when they log in again.

You can strip it off if you don't want to show it. I do that because I don't want it to show with SEO-friendly URLs that I have set up.
In the Global.asax file put the following:
Protected Sub Application_EndRequest(sender As Object, e As System.EventArgs)
    ' Location header of any redirect issued during this request (Nothing if there was none)
    Dim redirectUrl As String = Me.Response.RedirectLocation
    If Not Me.Request.RawUrl.Contains("ReturnUrl=") AndAlso Not String.IsNullOrEmpty(redirectUrl) Then
        ' Drop the ReturnUrl query string that forms authentication appended
        Me.Response.RedirectLocation = System.Text.RegularExpressions.Regex.Replace(redirectUrl, "\?ReturnUrl=(?'url'[^&]*)", String.Empty)
    End If
End Sub

One option is to have some code in your login form's code-behind that does the following:
if (!string.IsNullOrEmpty(Request.QueryString["returnUrl"]))
{
    Response.Redirect("path/to/my/login.aspx");
}
In other words, check in your login page for the presence of the returnUrl querystring parameter and if it's present, strip it out by redirecting back to yourself.

I don't think you can prevent this from being tacked onto the URL when using Forms Authentication.
However, you don't need to call RedirectFromLoginPage (which is what I'll presume you're doing at the minute); what you can do is simply use SetAuthCookie to persist the login state and Response.Redirect anywhere you like after that.
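
The SetAuthCookie approach from the last answer, as an added example that is not code from any of the posts above. The UserName, Password and FailureText controls, the LoginButton_Click handler name and the use of the Membership provider are assumptions about the login form; the redirect target is the defaultUrl configured for forms authentication, so the ReturnUrl query value never decides where the user lands.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

public partial class Login : Page
{
    // UserName, Password and FailureText are hypothetical controls declared
    // in the login page's .aspx markup.
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        // Assumes the site validates credentials through the Membership provider.
        if (!Membership.ValidateUser(UserName.Text, Password.Text))
        {
            FailureText.Text = "Invalid user name or password.";
            return;
        }

        // Issue the forms-authentication ticket without RedirectFromLoginPage,
        // which is the call that would honour ReturnUrl.
        FormsAuthentication.SetAuthCookie(UserName.Text, false);

        // Fixed, server-side target: whatever ReturnUrl the request carried is ignored.
        Response.Redirect(FormsAuthentication.DefaultUrl);
    }
}
```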

Related

Why is session not loading the first time and working on F5 in asp.net?

I am creating an asp.net session object in the Masterpage page load and again I am checking in the content page whether the session exists or not. It is not working on the initial first load. If I refresh (F5) then I am able to get this.
Master
Dim User As System.Security.Principal.IPrincipal
User = System.Web.HttpContext.Current.User
Dim username As String
username = User.Identity.Name
Try
    lblUsername.Text = "Welcome " & IIf(Not String.IsNullOrEmpty(GetFullName(User.Identity.Name)), GetFullName(User.Identity.Name), User.Identity.Name)
    Session("username") = username
Catch ex As Exception
End Try
ContentPage
If Not Page.IsPostBack Then
    If Not Session("username") Is Nothing Then
        Dim Clients As List(Of Dim_Client)
        Dim c As New Dim_Client
        Clients = c.GetClients(Session("username").ToString)
        If Clients.Count > 0 Then
            ddlClients.DataTextField = "Client_Name"
            ddlClients.DataValueField = "Client_Idx"
            ddlClients.DataSource = Clients
            ddlClients.DataBind()
        End If
    End If
End If
I think your content page code may be executing before your masterpage code. In what methods/events do you have these statements?
Edit - See here: asp-net-masterpage-load-first-or-page-load-first. Content page page_load fires before master page page_load.
Another Edit: For a solution, try moving the master page code to the init handler.
You're using Windows Authentication, do this work in the Session_Start of the application in the Global.asax - if you don't have one in your project you can add it via Add New Item on the project.
Do this for two reasons, first because it only needs done once per session, but second because it will then be available in your content page and can be removed from the master page.
Based on your code you'll leave the label work in the master page, but the work to gather and set the user name in session, do that in the application class.
I'd try and provide a code example but I'm answering this from my phone.
Check this page out. http://msdn.microsoft.com/en-us/library/dct97kc3(v=vs.100).aspx
Your content page page_load event is being called before the master page page_load event.
Even more information here: FAQ: Sequence that events are raised for Pages, UserControls, MasterPages and HttpModules

Is there a Server.Transfer() alternative to get a user's previous page?

Is there any way to know the previous page a user visited (on my site of course) from server side? I know I can do it if user was redirected before with Transfer() method. Does any history exist during session?
You can use http://msdn.microsoft.com/en-us/library/system.web.httprequest.urlreferrer.aspx to get previous user client page.
Is the page that you are looking for inside your own site? If so, you can do this to enable different reactions for different pages. If it is outside of your site, then I would go with UrlReferrer like Trekstuff mentioned.
If Not PreviousPage Is Nothing Then
    Dim str As String = PreviousPage.AppRelativeVirtualPath
    If str = "~/(DESIRED URL)" Then
        ' React to this particular previous page here
    End If
End If

How to find the url of parent page of a User control

I have a user control where if a certain action is performed I want to redirect to the page the user was on with some additional query string parameters.
So, if UserControl.ascx was on Home.aspx, I want to redirect to Home.aspx?action=true, and if UserControl.ascx was on Profile.aspx, I want to redirect to Profile.aspx?action=true
So basically, in my UserControl.ascx.cs I want to get the URL of the Parent Page. How can I get it?
You can look at the Request.Url, Request.RawUrl, Request.FilePath, and some of the other similar properties of the Request object - depending on how you're using this.
This will give you the requested URL from the browser, which will in turn tell you which page your control is living on.
You still have access to the request object from the user control, so do something like this:
string currentUrl = Request.Url.AbsoluteUri.ToString();
Request.UrlReferrer will get you the URL of the previous page... usually. There are some situations where it could be empty:
links clicked from an email message
shortcuts saved to a desktop
spoofed URLs
perhaps some settings or browsers
probably other scenarios as well
As long as your code "plays nicely" when UrlReferrer is empty or invalid, you should be good to go.
Request.Url.Scheme + "://" + Request.Url.Host + Request.RawUrl

Is there a direct instruction for RESPONSE.REDIRECT to go to previous page?

I have a Web application (Help Desk Ticket System) with an inbox to monitor incoming requests and made some filter buttons that help the user arrange the requests based on requester name, creation date, etc.
Every filter will simply call the same page but will add some code to the query string.
Example, if the user presses a button labeled [Sort by Date] here is the code behind for that button:
Response.Redirect("Inbox.aspx?Filter=DATE")
another button will similarly execute:
Response.Redirect("Inbox.aspx?Filter=NAME")
A GridView will be populated with some rows (Summary of the incoming requests) and ordered by the preference of the user.
Once the user has decided to view the full details of any of the incoming requests, a click on any row will lead to
Response.Redirect("Details.aspx?REQ_ID=123")
'where 123 is the request number the user clicked
Then the user is given a chance to update/edit the request using several buttons on the Details.aspx page, but every button will need to return the user to the inbox with the preference of filter that the user had before visiting the Details.aspx page.
In other words, I would like to do the following once the user presses a button on the Details.aspx page
Sub btnUpdateRequest() Handles btnUpdateRequest.Click
    'My code here for the button action (update/edit/send/cancel)
    ' once the job is done, return the user to the Inbox.aspx page with the same filter
    Response.Redirect("javascript:History.Back()")
End Sub
But I know that Response.Redirect does not accept javascript, and I don't want to split the code between Code Behind file, and ASPX file (adding OnClientClick attribute) because I will need to perform both VB instructions and also redirecting the user.
You could redirect to the referrer URL. You should probably check first to see if it is available.
// UrlReferrer itself is null when the browser sent no Referer header
if (Request.UrlReferrer != null) {
    Response.Redirect(Request.UrlReferrer.AbsoluteUri);
}
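
Added example (not code from the answers in this thread or the previous one) of a referrer-based return that copes with a missing or off-site Referer, as the UrlReferrer caveats in the previous thread ask for. On a postback the Referer is Details.aspx itself, so the inbox URL is captured on the first GET and kept in ViewState; the ReturnTarget class, the ReturnTo key, the btnUpdateRequest_Click handler name and the Inbox.aspx fallback are assumptions.

```csharp
using System;
using System.Web.UI;

public static class ReturnTarget
{
    // Returns a path on this site taken from the Referer header, or the
    // fallback when the header is absent or points at another host.
    public static string FromReferrer(Uri referrer, Uri current, string fallback)
    {
        if (referrer == null || !referrer.IsAbsoluteUri)
            return fallback;
        // The Referer header is client-supplied: accept it only for our own host.
        if (!string.Equals(referrer.Host, current.Host, StringComparison.OrdinalIgnoreCase))
            return fallback;
        // Going "back" to the page we are already on would loop.
        if (string.Equals(referrer.AbsolutePath, current.AbsolutePath, StringComparison.OrdinalIgnoreCase))
            return fallback;
        // Path and query only; a leading "//" would be read as another host.
        string target = referrer.PathAndQuery;
        return target.StartsWith("//", StringComparison.Ordinal) ? fallback : target;
    }
}

public partial class Details : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // First GET only: at this point the Referer is still Inbox.aspx?Filter=...
        if (!IsPostBack)
            ViewState["ReturnTo"] = ReturnTarget.FromReferrer(
                Request.UrlReferrer, Request.Url, ResolveUrl("~/Inbox.aspx"));
    }

    protected void btnUpdateRequest_Click(object sender, EventArgs e)
    {
        // ... update/edit/send/cancel work goes here ...
        string target = (ViewState["ReturnTo"] as string) ?? ResolveUrl("~/Inbox.aspx");
        Response.Redirect(target);
    }
}
```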
Below might help you. Place this code inside button click()
Page.RegisterStartupScript("goBack", "<script type=""text/javascript"" language=""javascript"">window.history.go(-1);</script>")
Instead of Page. you could use ClientScript., similar to this:
ClientScript.RegisterStartupScript(
    GetType(String),
    "goBack",
    "<script type=""text/javascript"" language=""javascript"">window.history.go(-2);</script>")
The .go(-2) in my suggestion is necessary (ReportViewer).

Bypassing forms authentication when a query string is passed

In ASP.Net, is anyone aware of a way to bypass Forms Authentication if a specific query string parameter is passed in?
Such as:
mydomain.com/myprotectedpage.aspx
...I would like to be protected by Forms Authentication (and so, redirected to login page)
mydomain.com/myprotectedpage.aspx?myBypassParameter=me
...I would like the page to render as normal
Is this at all possible?
Not really any "official" way of doing it.
You could do what I do, which is to have a base page instead of System.Web.UI.Page, like so:
Imports System.Web.Security
Public MustInherit Class ProtectedPage
    Inherits System.Web.UI.Page
    Private Sub Page_InitComplete(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.InitComplete
        ' Unauthenticated requests are let through only when myBypassParameter is present
        If User.Identity.IsAuthenticated = False Then
            If String.IsNullOrEmpty(Request.QueryString("myBypassParameter")) Then
                FormsAuthentication.RedirectToLoginPage()
            End If
        End If
    End Sub
End Class
In your code behind, you could simply use Request.QueryString["myBypassParameter"] and check its value. If it's an invalid value, then use FormsAuthentication.RedirectToLoginPage or a custom redirect to put the user back at the login page. However, this doesn't seem like a secure method of protecting a page. What if someone got hold of the specific parameter and managed to gain access to your protected page? Also, you want to make sure that the QueryString value is valid (maybe by a regular expression) to ensure the user hasn't passed malicious code which will then be read by your application.
You might be able to jam some quick code into the Application_AuthenticateRequest event. You could then test for the parameter and adjust the User.Identity as necessary to allow the page. You'd have to put in a page check as well to make sure it didn't allow this behavior on all restricted pages.
I wouldn't recommend this design as an approach though. If you need to have a protected area accessed in an anonymous fashion, it'd be better to put all of your functionality into a UserControl and then use a protected/unprotected version of a parent page. This would allow you to control what goes out and when.
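
Added example, not code from the posts above: one way to check that the bypass value is valid, which the answers ask for. Instead of a fixed value such as myBypassParameter=me, the parameter carries an expiry time and an HMAC over the page path, so a value that leaks stops working once it expires and cannot be reused for another page. The BypassToken class, its token format and the way the key is supplied are assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public static class BypassToken
{
    // Token format (an assumption of this example): "<expiryTicks>.<hexHmac>"
    public static string Create(byte[] key, string path, DateTime expiresUtc)
    {
        string expiry = expiresUtc.Ticks.ToString(CultureInfo.InvariantCulture);
        return expiry + "." + Sign(key, path, expiry);
    }

    public static bool IsValid(byte[] key, string path, string token, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(token)) return false;
        string[] parts = token.Split('.');
        if (parts.Length != 2) return false;

        long expiryTicks;
        if (!long.TryParse(parts[0], NumberStyles.None, CultureInfo.InvariantCulture, out expiryTicks))
            return false;
        if (expiryTicks < nowUtc.Ticks) return false;   // expired

        // Recompute the MAC for this path and expiry; compare without early exit.
        return FixedTimeEquals(Sign(key, path, parts[0]), parts[1]);
    }

    private static string Sign(byte[] key, string path, string expiry)
    {
        using (var hmac = new HMACSHA256(key))
        {
            // Binding the path into the MAC ties the token to one page.
            byte[] data = Encoding.UTF8.GetBytes(path.ToLowerInvariant() + "|" + expiry);
            return BitConverter.ToString(hmac.ComputeHash(data)).Replace("-", "");
        }
    }

    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In the ProtectedPage base class, a call to BypassToken.IsValid with the server-side key, Request.Path, the myBypassParameter value and DateTime.UtcNow would take the place of the String.IsNullOrEmpty test.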
