ASP.NET page redirection / crosspost - asp.net

I have 3 asp.net pages: Search.aspx, Results.aspx and Login.aspx.
Now I want anonymous users to be able to search, so everyone can use search.aspx. This page calls
Server.Transfer(Results.aspx)
and therefore shows the results. Now when the user is not logged in, a link to the login page is displayed on the Results page. The problem is:
After the login, I want the user to be redirected automatically to the Results page. However I do not succeed so, as the PreviousPage property of Login.aspx is always null. And when I use
Request.UrlReferrer.LocalPath
it's the link to Search.aspx but not Results.aspx.
Also, when the user is on the Results page, how do I enable him to go back by clicking a link and all his search input criteria (like in textboxes) on the Search.aspx is still there so he can refine the search after having seen the results? Whenever I send the user back, all user input is lost.
I still haven't figured out if I should use a normal hyperlink, a linkbutton and how to retrieve the previous page url or preserve the input data.
I can use AJAX if that is any help, but a "pure" asp.net solution would be preferred.

When you do a Server.Transfer it is a serverside redirect...meaning the client still sees the original URL. You need to post the search criteria to the results page, store them locally, show the login link. When they are logged in you can redirect to the results page and rehydrate the search critera and show the results.

Try using Response.Redirect("url") instead of Server.Transfer. When you use Server.Transfer, the url on the client will remain the Search page and not actually redirect to the Results.

You can use User.Identity.IsAuthenticated to check if the user is logged in and show/hide the login button based on that.
To keep values for the page, you could store them in Session, then have the Search page look for them and, if they exist, place them in the controls.

You can also embed the URL you want to return to after login into the querystring if you want.

Related

user input link will go back to login once the user logged in it will go to the link earlier input instead of dashboard

Sorry to ask but I don't what is the exact call on this.
I have a scenario for example I paste this link localhost/Dashboard/Treatment the user will go back to the login page once the user logged it will go to this localhost/Dashboard/Treatment instead of Main Page using asp.net.
I need is only the exactly the call on this process so that I will do the research.
Sorry beginner :)
If you are using login control, you can use DestinationPageUrl property in your code.
If you just use things like text boxes and button controls, then in your Button_Click event, you can just use Response.Redirect("DestinationHere").
If you don't want change anything in your page, you can add return RedirectToAction({actionName}, {controllerName}); in your login method.

asp.net redirection defect

I am working on asp.net application.the user is clicks on some link which is inside grid item template field. if he is not logged in then he redirects to login page. after log in he is properly coming back to same page;the problem is that "i have passed the value in querystring to the page where he click on the link and after loggedIn the grid is showing blank because that grid is not getting query string value" I think you understand my problem.plz share your helpful opinion.
http://www.aspdotnetfaq.com/Faq/what-is-the-difference-between-server-transfer-and-response-redirect-methods.aspx
It is not a defect, but the desired behavior of Response.Redirect.
Store value in session and retrieve it after he gets back successfully from the login page.

Track a login event in Google Analytics

I would like to track a login event on my website.
The user writes username and pass then clicks on login, the form is submited and server checks if password is correct then redirect to the home page if it is.
But how could I add a Login event to GA? If I add it to the login button it wont be totally accurate as it will count even the failed login attempts.
Any ideas on how to solve this?
Thanks
Chris
Great question!
I think what you want is the Custom Variables that google analytics offers.
Simply put, for each page your user visits you set a custom variable with it's username for example.
I don't think you are interested in the login event, rather you are interested in what a logged in user visits - and this solution solves your problem
The Custom Variables answer will serve your purposes as outlined below but if you want another alternative (or actually really want to use Track Events) you could also add in a parameter to a successful logon which you can then read and process as you wish.
So for example:
Login
This will create a link to your login page. If the login is successful it will redirect back to the current page with the parameter login=true in the URL.
(You could check this parameter via JS for example and fire the Analytics track event call based on this).
One way to do this is let your login redirect to a page which says something like: "Thank you for logging in" and register this pageview to Google Analytics. And then have that page auto redirect you after 5 seconds to the page you were viewing. I've seen this done on a good amount of websites. If your login is using partial refresh you could even do it without having the user pass by a seperate page.
The simplest way is to use virtual pageviews (tutorial). It's a small piece of JS code, that you execute on any event you want. It makes GA think that there was a pageview. So you make a conditional statement like "if login == OK -> create a virtual pageview with URI "virtual/login/OK". Then you simply set this URI as a goal.
Custom Vars can be used for individual users but you need to set up a unique ID so that only you could recognise that once you pull the data out of GA. So in your dbase set a GoogleAnalyticsID against each user, then send that as a custom var to track users.

How to implement customized home-page for different users?

I have an ASP.Net(VB.Net) project which has various modules/functionality. I want to give users the freedom to set their own default startup page.
I don't know how to get a head-start implementing this feature.
Also, I am NOT using MVC
On the master page place some control to choose current page as default (i.e. button or checkbox). After user has select current page as default you can store the page address to user's profile or any storage you like.
Set the site start page like Default.aspx and in the Page_Load method of this page read user's saved default page if exists and redirect to it.
You'd want to set up a way for the User to store their preferred home page in your database (or your preferred method). Once that's done you should be able to do this in a simple fashion:
ASP.NET WebForms:
On the Master Page / Default page, check to see if they're logged in in your Page_Load event.
If they are, check to see if they have a start up page saved, if they do then use Response.Redirect and send them to their preferred location.
If they don't, or aren't logged in, then show them the default page.
ASP.NET MVC:
On the HomeController's Index method check to see if they're logged in.
If they are, check to see if they have a start up page saved, if they do then use RedirectToAction and send them to their preferred location.
If they don't, or aren't logged in, then show them the default view.
There are probably plenty of other ways to accomplish this as well, but this should be a straight forward way to get your started.

Unsecure posting back from an asp.net control on a secure page while avoiding authentication

We are using standard asp.net forms authentication. Certain pages require a user to be logged in; and least some of these pages are delivered by https. There is a search control at the top of each page. When this is used, we don't care whether the user's session has expired, even if the current page requires a log in.
However, currently, when performing the search, the built-in forms authentication sees that the page being posted to requires authentication and redirects the user to the login page, with the previous page, not the search results page as the referrer.
What is the best way of bypassing the security here? I have considered posting to a different page using the PostBackUrl property, but if this is not https you get the "you are posting data to an unsecure connection" message, which users don't like.
Thanks for any help.
Edit: thanks Nick for your suggestion of using a GET on the search page. We are doing this already, but the query string is constructed by the search input control then redirects. How can we build up the query string without using a postback? (Obviously javascript is an option but I was hoping to find an alternative mechanism.)
For the search page you want to make sure the search is happening via a GET request. (i.e. like google with the "q" in the query string) Chances are you are doing a POST.
So change your
<form method="post" ...>
to
<form method="get" ...>
The biggest mistake most developers make with search pages is to do a post back. HTTP was designed to do queries or searches through the query string (thus the name), and to get a form to post to a query string instead of the body you need to use a "GET" method. This way any search device can use your search page, even the browsers search box.
Second you want to create a special location config for you search page. You add this to your web.config.
<location path="my-search-page.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
This creates a special override for that one page and everything inside the location tag uses the exact same web.config structure to override the web.config.
You will want to repeat this for each page you want to allow all users to.
If the search results page is performing a postback the pageload event will be fired before your search button is clicked.
So if the page they are on required a login that login command will be run before the search button click event sending them back to the login screen.
There are a few ways round this make the search a normal html form and make itperform a GET not a POST and mentioned by "Nick"
Ort if the whole page is inside a .net postback form you will need to add the search button event to a overload of the page load so it fires first.
This site has a good article on the page like cycle and its overrides.
http://www.15seconds.com/issue/020102.htm
As suggested in other answers the most correct way to do this would be to have the search input control in a separate form which has a method of get and an action of searchresults.aspx. However this is difficult with aspx as you can only have one server-side form on a page.
In the end the solution I came to, which works very well, was to have an HttpModule that spotted if the "search" button had been clicked (by looking to see if a param with its id existed) then built up a query string by looking for the criteria params and redirected to the search results page. This means that all the authentication / authorisation modules are bypassed as we have already called a redirect to the (unsecured) search results page before they are triggered.
It's slightly brittle but for us it works very well.

Resources