I have read the many posts of people trying to use two different login pages: one for users and one for admins. My question is very different. I have a Site.master page with a LoginView and LoginControl. I then have three root level pages Default.aspx, About.aspx, and Contact.aspx that derive from the Site.master. All three pages are set in the web.config to be allowed to all users. I then have a MemberPage in a Member folder which is only accessible to authenticated users. What I want to have happen is to be able to login from either the Default, About, or Contact pages and then be directed to the MemberPage.
The way Form Authentication is set now, I can only have one loginUrl and one defaultUrl. Which means if I have this settings in my web.config:
<authentication mode="Forms">
<forms name="ishAuth" loginUrl="Default.aspx" timeout="50" defaultUrl="~/Member/MemberPage.aspx"></forms>
</authentication>
the only page that redirects to the /Member/MemberPage.aspx is the Default.aspx. I want my users to be able to browse through the anonymous section of the site and login from any page and then be redirected to the MemberPage. Right now if I am on the About.aspx page and log in I am authenticated but remain on the About page.
Is there a way around the properties of the element? Can I turn off the default actions of the element and do the redirect using my own custom code?
I don't have access to Visual studio right now, but you should be able to use the "OnLoggedIn" event of the login control to do what you want. Create the even handler for that event, and simply just put Response.Redirect("~/Member/MemberPage.aspx") and your users should get redirected to the right page.
You can have a look at this page on the MSDN for more information.
Related
Is it possible to have two default landing page for authentication in ASP.Net MVC? One for a specific folder i.e. Pages for Admin and the other is for everything else?
This is the scenario. I have an application with an Admin portal where only administrators can access and the Main portal for any active users. I am using the default forms authentication for MVC with the root web.config configured as below:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="240" defaultUrl="~/" slidingExpiration="true"/>
</authentication>
So every user will be redirected to Account/Login when not they are not authenticated. Now, I want to have a separate landing page (Admin/Login) for admin pages when admin user is not yet authenticated. All Admin pages are in a folder named Admin. So is there a way for me to configure the authentication in the web.config of that folder to default to Admin/Login instead of Account/Login?
Edit:
The rules are simple. When a user tries to access any admin page i.e. Directly changing the URL, and they are not logged in, then I was hoping they would be redirected to Admin/Login, instead of Account/Login. We don't need to check for role since we are already restricting the controller to Admin Roles only.
Is it better to do this in an actionfilter instead?
Unless there is a way for you to differentiate admin from regular user on page loading then no.. If it is the same IP address being logged from you could do it like that ... or if its linked over from another account such as google login ... where you could check the user name and redirect based on if its saved as an admin... You would have to have a way to distinguish before you re-routed
I have a website hosted on GoDaddy. Url is www.boatronix.com. The files Reside in a folder '/boatronix' which in turn is in a folder '/_sites.' I have a master page which contains a SiteNav.ascx (that sits in a "Controls" folder under the root directory) and it has page links all with urls of "../sales.aspx" or "../operations.aspx" and so on. When I go to one of the pages, all in the same root directory, I get a page with an address bar above "boatronix.com/sales.aspx" just like it should.
I also have ASP.net membership Login Controls on the master page, and one of the nav links points to a restricted page. When I am redirected to login.aspx from either route (requesting the restricted page OR clicking the 'login' button in the loginStatus control) I am taken to the login.aspx, but with an address bar above that is now appended "boatronix.com/_sites/boatronix/login.aspx."
Problem: this is an undesireable result, because the returnUrl in the query string, and then every subsequent page request is then searched as "boatronix.com/_sites/boatronix/page.aspx" and so my nav links are all now broken.
My question: Is the scripting for the login controls' 'doPostBack' functionality to blame--this is what GoDaddy's tech line tells me is the problem; OR, do I need to fix this in IIS, or in my code, or my web.config? (for instance, setting any virtual directory rules)
If you go to the site "www.boatronix.com" and click the "Login" link on the upper right, you'll see what happens as the page request seems to trace back one directory from '/boatronix' to '_sites' and then proceed from there--I'm trying to stop it from doing that and keep in the root directory.
Thx much for looking and any suggestions.
Very hard to figure out what your issue is without seeing your site's structure completely, but it sounds like you'll need to adjust your login page URL in your Web.Config.
When you access any protected page ASP.NET will direct you to the login url with the referring page in the query string parameter with the key ReturnURL. If you want to adjust where that redirect goes to then you need to adjust the loginUrl location in the Web.Config.
Such as
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
See: Authentication Web.Config on MSDN
I built a simple site which has an open section and admin page, which you can get to, only after loging in.
I implemented the default asp .net login control.
The problem is, after successful login (the login page is called admin.aspx) I want to redirect to another page called groups.aspx (redirecting it by code - Response.Redirect("AdminTools\\Groups.aspx") ), but instead I get an error "The resource cannot be found.", which says that cannot find "login.aspx". The problem is I don't have a page called login.aspx in my site, and I can't manage to find the place where I can configure it.
Always use ~ root operator.
Response.Redirect("~/AdminTools/Groups.aspx")
You can configure your own login url by setting the LoginUrl in web.config.
<authentication mode="Forms">
<forms loginUrl="~/mylogin.aspx">
</forms>
</authentication>
In my web application i want to redirect to login page, which is in the same folder[admin folder], when i type like
"xxx.com/admin" it is redirect to login.aspx page which is in admin folder.
for this i place one index.html page and write meta tag code, even though it is not redirect to loginpage. it is going to index.aspx page. shall i have to remove this index.aspx page, i have default page also there in admin folder. can u help me.
If you are using IIS 7.5 take a look at the UrlRewrite 2 Module http://www.iis.net/download/urlrewrite
If you are using IIS 6 you can use the asp.net 2 url rewriting technique, but the xxx.com/admin/default.aspx needs to be physically existing to allow redirects to happen
Add this to your Web.config:
<authentication mode="Forms" >
<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" />
</authentication>
This will redirect users to your loginUrl if they try to access a protected page when they are not authenticated.
You should probably read up on Forms Authentication in asp.net to get all of the dirty details.
Here is an explanation of how you can add additional default documents to IIS. Default documents are used to try and determine which page a user should be directed to when they don't specify a specific page (your xxx.com/admin example)
I'm using the ASP.NET/C# Login control and that entire authentication and authorization system.
I set up the roles and have users go to certain pages when they log into the system dependent on their role. Right now I'm trying to restrict access to certain pages, which is working correctly. However, when it restricts the access to a user who shouldn't be allowed in that web page it redirects to login.aspx. I don't have a login page, I just have a login user control that sits on a master page.
How can I get it to redirect to a different page on permission failure rather than go to login.aspx
<authentication mode="Forms">
<forms loginUrl="login.aspx"name=".ASPXFORMSAUTH" />
</authentication>
set the login page in web.config