Thursday, November 18, 2010

Detecting Attempts to Access a Protected Page

Q. I built an application using Web Site Factory. The application has a
dedicated login page. If I log in as "admin" and navigate to the
membership page, then log out and log back in as "user" (which does
not have rights to the membership page), I get stuck. I think because
"user" does not have rights to visit the last page I visited before I
logged out, I cannot get past the login page without logging back in
as admin, navigating off of the membership page, then logging back out.

A.

This is the standard ASP.NET behavior. You are signed in as "user", but the redirect URL still points to the membership page, which is not accessible to the "user" account.

There are two options to fix that:

1) Offer a static link to the home page of your application in ~/App_Code/Controls/Login.ascx. The user can click on the link to access the home page and break the login auto-redirects.

2) Add the following code to ~/App_Code/Controls/Login.ascx.cs:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Controls_Welcome : System.Web.UI.UserControl
{
    
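    protected void Page_Load(object sender, EventArgs e)
    {
        // A signed-in user who arrives at the login page with a ReturnUrl
        // was denied access to that page: send the user to the home page
        // instead of repeating the login redirect.
        if (Page.User.Identity.IsAuthenticated &&
                !String.IsNullOrEmpty(Request.Params["ReturnUrl"]))
            Response.Redirect("~/Pages/Home.aspx");
    }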
}

The code detects the ReturnUrl parameter in the page URL and, if the user is already authenticated, automatically redirects the user to the home page.

2 comments:

john said...

This did not work for me. I converted your code to Visual Basic:

Partial Public Class Controls_Login
    Inherits System.Web.UI.UserControl

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        If Page.User.Identity.IsAuthenticated AndAlso Not [String].IsNullOrEmpty(Request.Params("RedirectUrl")) Then
            Response.Redirect("~/Pages/Home.aspx")
        End If

    End Sub
End Class

Even with this code I get the same result.

I tried debugging in Visual Studio by putting a breakpoint on the line:
If Page.User.Identity.IsAuthenticated AndAlso Not........

Every time the program stopped on this line the value for "Page.User.Identity.IsAuthenticated" was false, even if I was in the process of logging in as an authorized user.

Customer Service said...

The original version of the code used "RedirectUrl". The correct URL parameter is "ReturnUrl".



© 2010 Code OnTime LLC. Intelligent code generation software for ASP.NET. Visit us at http://codeontime.com