473,714 Members | 2,192 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Login page & Session data...response .redirect, server.transfer or ???

I've got an page (LOGIN.ASPX) that receives the user's login
information. During the page load, it checks the credentials against a
database and, if validation is successful, creates an instance of an
object that stores the user's basic profile data (username, user type,
associated sales region, etc.).

I've been taking this user info and placing it in the Session object
like so...

Session["USER"] = user;
Originally, I'd been trying to use Response.Redire ct to send the users
to the next appropriate page in the application but it seems that the
Redirect kills the current thread and thus the session data is lost.

So I tried using Server.Transfer which seems to work but, of course,
the client's browser still shows "LOGIN.ASPX " in the address field. Not
really a problem except for two things...

.....when the user hits F5 to refresh the page, the page executes from
the beginning and walks through the login process all over again.

....,if the page displays a link to another page in the same
application, clicking the link will also cause the contents of the
Session object to disappear.
My questions are:

1.) Is there any way to use Redirect from the login page without losing
the contents of the Session object?

2.) Is there a more effective/efficient way to use Server.Transfer ?

Any assistance would be greatly appreciated! Thanks!

Nov 19 '05 #1
10 12202
Have you tried using User.Identity.N ame to identify the user? This may be a
more efficient method of doing this.

"GreggTB" wrote:
I've got an page (LOGIN.ASPX) that receives the user's login
information. During the page load, it checks the credentials against a
database and, if validation is successful, creates an instance of an
object that stores the user's basic profile data (username, user type,
associated sales region, etc.).

I've been taking this user info and placing it in the Session object
like so...

Session["USER"] = user;
Originally, I'd been trying to use Response.Redire ct to send the users
to the next appropriate page in the application but it seems that the
Redirect kills the current thread and thus the session data is lost.

So I tried using Server.Transfer which seems to work but, of course,
the client's browser still shows "LOGIN.ASPX " in the address field. Not
really a problem except for two things...

.....when the user hits F5 to refresh the page, the page executes from
the beginning and walks through the login process all over again.

....,if the page displays a link to another page in the same
application, clicking the link will also cause the contents of the
Session object to disappear.
My questions are:

1.) Is there any way to use Redirect from the login page without losing
the contents of the Session object?

2.) Is there a more effective/efficient way to use Server.Transfer ?

Any assistance would be greatly appreciated! Thanks!

Nov 19 '05 #2
Thanks for the suggestion, MrMike!

The user profile I'm trying to save is rather more complex than the
generic GenericPrincipa l and GenericIdentity objects. It has a few more
string properties plus a small collection of sub-profile objects. The
app is still very early in development so I suppose I could try
reworking the user profile structure, extending IPrincipal and
IIdentity and storing the info that way.

Do you know if I can then use Response.Redire ct without losing the data
or is there still a risk of that?

Nov 19 '05 #3
Here is one way to handle this:
So you need to use Forms Authentication to authenticate a given UID and
PWD
combination. These values can be in your DB and you need to look them up
and
verify that the typped in values match the ones in the DB. (Note that the
connection string for your DB has nothing to do with this. You use those
credentials to make the connection and take advantage of the connection
pool. You do NOT vary the conenct string with each user as this is a true
scalabilit killer.)

Sample code requires you to have a login method on your Principal class
(which calls your Identity class).

mUser.Login(txt UserId.Text, txtPassword.Tex t)
mUser = CType(Thread.Cu rrentPrincipal, myUser)

If mUser.Identity. IsAuthenticated = True Then
HttpContext.Cur rent.User = mUser
Session("myPrin cipal") = mUser

Web.Security.Fo rmsAuthenticati on.RedirectFrom LoginPage(txtUs erId.Text,
False)
Else
'do something else
End If
I use code like this in my Global.asax file to re-use the principal value
on
each hit:

Private Sub Global_AcquireR equestState(ByV al sender As Object, ByVal e
As
System.EventArg s) Handles MyBase.AcquireR equestState

If Not Session("myPrin cipal") Is Nothing Then
Thread.CurrentP rincipal = DirectCast(Sess ion("myPrincipa l"),
myUser)
HttpContext.Cur rent.User =DirectCast(Ses sion("myPrincip al"),
myUser)
Else
If Thread.CurrentP rincipal.Identi ty.IsAuthentica ted = True Then
Web.Security.Fo rmsAuthenticati on.SignOut()
Server.Transfer (Request.Applic ationPath + "/Login.aspx")
End If
End If

End Sub

Rocky Lhotka explains these concepts very well in his book on Business
Objects.
http://www.lhotka.net/ArticleIndex.a...ea=CSLA%20.NET

--
Joe Fallon


"GreggTB" <br********@yah oo.com> wrote in message
news:11******** **************@ o13g2000cwo.goo glegroups.com.. . I've got an page (LOGIN.ASPX) that receives the user's login
information. During the page load, it checks the credentials against a
database and, if validation is successful, creates an instance of an
object that stores the user's basic profile data (username, user type,
associated sales region, etc.).

I've been taking this user info and placing it in the Session object
like so...

Session["USER"] = user;
Originally, I'd been trying to use Response.Redire ct to send the users
to the next appropriate page in the application but it seems that the
Redirect kills the current thread and thus the session data is lost.

So I tried using Server.Transfer which seems to work but, of course,
the client's browser still shows "LOGIN.ASPX " in the address field. Not
really a problem except for two things...

....when the user hits F5 to refresh the page, the page executes from
the beginning and walks through the login process all over again.

...,if the page displays a link to another page in the same
application, clicking the link will also cause the contents of the
Session object to disappear.
My questions are:

1.) Is there any way to use Redirect from the login page without losing
the contents of the Session object?

2.) Is there a more effective/efficient way to use Server.Transfer ?

Any assistance would be greatly appreciated! Thanks!

Nov 19 '05 #4
It may very well be a good book on Business Objects but the author
appears to be using an architectural design framework of his own
creation....may be it's great but I cannot believe that the only way to
make this stuff work in .NET is to use this guy's framework. This has
to be a fairly common problem that can be handled without having to
learn some third-party design structure.

Nov 19 '05 #5
Ummm.
I think you missed the point completely.
There is no need to read the book or learn his framework.
(You would be better off if you did but that is another story.)

The code you are looking for was in my message:

Private Sub Global_AcquireR equestState(ByV al sender As Object, ByVal e As
System.EventArg s) Handles MyBase.AcquireR equestState

If Not Session("myPrin cipal") Is Nothing Then
Thread.CurrentP rincipal = DirectCast(Sess ion("myPrincipa l"), myUser)
HttpContext.Cur rent.User =DirectCast(Ses sion("myPrincip al"), myUser)
Else
If Thread.CurrentP rincipal.Identi ty.IsAuthentica ted = True Then
Web.Security.Fo rmsAuthenticati on.SignOut()
Server.Transfer (Request.Applic ationPath + "/Login.aspx")
End If
End If

End Sub
--
Joe Fallon

"GreggTB" <br********@yah oo.com> wrote in message
news:11******** **************@ o13g2000cwo.goo glegroups.com.. .
It may very well be a good book on Business Objects but the author
appears to be using an architectural design framework of his own
creation....may be it's great but I cannot believe that the only way to
make this stuff work in .NET is to use this guy's framework. This has
to be a fairly common problem that can be handled without having to
learn some third-party design structure.

Nov 19 '05 #6
Okay, sorry about that. I've no doubt I did miss the point completely.
I was still losing all of the Session info with the Response.Redire ct's
[endResponse] parameter set to [false]....I ended up just starting a
fresh web app and it's going well now. I'll try your suggestions and
I'm sure they'll work out.

Thanks for your help...and your patience!

Nov 19 '05 #7

GreggTB wrote:
I've got an page (LOGIN.ASPX) that receives the user's login
information. During the page load, it checks the credentials against a database and, if validation is successful, creates an instance of an
object that stores the user's basic profile data (username, user type, associated sales region, etc.).

I've been taking this user info and placing it in the Session object
like so...

Session["USER"] = user;
Originally, I'd been trying to use Response.Redire ct to send the users to the next appropriate page in the application but it seems that the
Redirect kills the current thread and thus the session data is lost.

So I tried using Server.Transfer which seems to work but, of course,
the client's browser still shows "LOGIN.ASPX " in the address field. Not really a problem except for two things...

....when the user hits F5 to refresh the page, the page executes from
the beginning and walks through the login process all over again.

...,if the page displays a link to another page in the same
application, clicking the link will also cause the contents of the
Session object to disappear.
My questions are:

1.) Is there any way to use Redirect from the login page without losing the contents of the Session object?

I've got a forty page app at the moment using Response.Redire ct on
practically every page, and heavily using the session.

Two ways you *might* be losing your session would be:
1) You're using cookieless session and you're redirecting to a complete
URL e.g. Response.Redire ct("http://www.mysite.com/page.aspx") would
cause the session to be reinitialised (for cookieless session)

2) You're going into a subdirectory/virtual directory which has a
seperate application configured in IIS.

Any help?

Damien

Nov 19 '05 #8
I have no clue what was causing it but it certainly wasn't either of
those. I fiddled around for a while and eventually got things rolling
along just fine.

I'm being very careful to set the endResponse parameter to "true"...

Response.Redire ct("goto.aspx" , true);

....and that seems to be working fine. Dunno why I couldn't get it to
save originally. [shrug]

I do appreciate your help, though. Thanks!

Nov 19 '05 #9
Okay...I'm just way too tired. The above reply should say...

/*************** *************** *************** *****/
I'm being very careful to set the endResponse parameter to FALSE...

Response.Redire ct("goto.aspx" , false);
/*************** *************** *************** *****/

Obviously setting it to true will abort the thread and the Session data
will be lost.

Nov 19 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
1787
by: Mike | last post by:
I can not figure out what is going on here. I hope somebody can please help!!! I've got an intranet ASP3 application running on a Win2k server. This application requires a login, so the user must first go to the login.asp page before accessing any other .asp page. I have set up a redirection method so that if a user pastes a URL to an internal .asp page, I store the URL in a session variable, then I direct them to the login page. After...
9
3584
by: buran | last post by:
Dear ASP.NET Programmers, How can I post data to an ASP.NET login page and pass authentication? The login page uses forms authentication, users must supply usernames and password and have to click on a submit button. I want to automate this process by supplying values with HttpWebRequest and then download a file on the site. I think that I cannot invoke the submit button. Pleeeasee help, thanks in advance
2
3376
by: Pete | last post by:
Hi all... I sincerly hope one of the MS guys can clear this up for me... First some background... Ok, I have a web site which is fully translatable into several languages. All the strings for the web site are held in a database and all the labels, buttons etc are populated at run time in the Page_Load handler. The retreval of the strings from the database is all
3
2122
by: Shapper | last post by:
Hello, I am working on an ASP.NET/VB web site. I have several links including menu links. Considerer a want to load a page named page.aspx. I can do it using javascript. Or using this code: Sub loadPage(sender As Object, e As System.EventArgs, pageURL as String)
9
3331
by: antonyliu2002 | last post by:
I want to create session objects for all web controls in a page. Right now, I am doing it in a dumb way like this (for example): Session("Session1") = ctrl1.Text Session("Session2") = ctrl2.Text Session("Session3") = ctrl3.Text Session("Session4") = ctrl4.SelectedValue Session("Session5") = ctrl5.Text Session("Session6") = ctrl6.Text
6
4889
by: scottyman | last post by:
I can't make this script work properly. I've gone as far as I can with it and the rest is out of my ability. I can do some html editing but I'm lost in the Java world. The script at the bottom of the html page controls the form fields that are required. It doesn't function like it's supposed to and I can leave all the fields blank and it still submits the form. Also I can't get it to transfer the file in the upload section. The file name...
0
1141
by: John Meyer | last post by:
index: <%@ Page Language="VB" ContentType="text/html" ResponseEncoding="iso-8859-1" %> <%@ Import Namespace="System.Data" %> <%@ Import Namespace="System.Data.OleDb" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server">
1
1757
by: Culley | last post by:
I've created a secure login site. Everything works fine except for one thing... the redirect. I want to redirect users to the correct page they are accessing (say they're just clicking a link they've saved to a particular page in the secure site) rather than forcing them to navigate in from a default "login successful" page. In each secure page, I have this include file: <% if Session("valid") = "" Then Response.Redirect...
3
6223
by: satishknight | last post by:
Hi, Can some one tell me how to change the validation sequence for the code pasted below, actually what I want it when any one enters the wrong login information (already registered users) then it has to tell then them its wrong information but currently it takes then to a next page and then tells them its incorrect information. This is tedious as every time they enter wrong they will be redirected to a different page and then they have to...
0
8815
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8713
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9318
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
9080
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9033
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
7960
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
5961
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4730
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
3
2113
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.