Hello,
I have some pages that are protected by forms authentication, and am
adding code to the global.asax so that if someone tries to load (say)
/order83.aspx, if they are logged in, it will rewrite the url to
/order.aspx?orderid=83, and if they aren't logged in, it will redirect
them to the default page.
The reason for this is that I don't want people seeing the login page if
they aren't site admin folk. If I just let the normal authentication
stuff do it's job, they will be sent to the log in page. Non admin
people shouldn't know that the log in page even exists, so I don't want
to show it to them.
So what I am doing in global.asax is this ...
void Application_BeginRequest(Object sender , EventArgs e) {
string strPath = Request.Path.ToLower();
if (strPath.StartsWith("/order") {
if ((User != null) && (User.Identity != null) && (User.Identity.IsAuthenticated)) {
// do stuff here to get the order number and rewrite the URL
} else {
Response.Redirect("/");
}
}
}
Obviously this is greatly simplified from what's actually in there, but
this is the important bit.
The problem is that the check for the user being logged in is failing,
even when I am logged in. It seems that User is null, irrespective of
being logged in or not.
The weird thing is that I previously had that line just as...
if (User.Identity.IsAuthenticated) {
and it worked fine. Just today, I started getting a run time error
saying that the object (which I found out meant User) was null. That's
why I added the extra tests in the if statement. The only change I know
of is that Windows prompted me for an update today, something to do with
a security threat in graphics code. I didn't really take to much notice
unfortunately, but I'm pretty sure it was not related to this.
Anyone any ideas? I'm stuck!! TIA
--
Alan Silver
(anything added below this line is nothing to do with me)
3  1653 
Do you deny anonymous access?
"Alan Silver" <al*********@nospam.thanx> wrote in message
news:Sn**************@nospamthankyou.spam... Hello,
I have some pages that are protected by forms authentication, and am
adding code to the global.asax so that if someone tries to load (say)
/order83.aspx, if they are logged in, it will rewrite the url to
/order.aspx?orderid=83, and if they aren't logged in, it will redirect
them to the default page.
The reason for this is that I don't want people seeing the login page if
they aren't site admin folk. If I just let the normal authentication stuff
do it's job, they will be sent to the log in page. Non admin people
shouldn't know that the log in page even exists, so I don't want to show
it to them.
So what I am doing in global.asax is this ...
void Application_BeginRequest(Object sender , EventArgs e) {
string strPath = Request.Path.ToLower();
if (strPath.StartsWith("/order") {
if ((User != null) && (User.Identity != null) &&
(User.Identity.IsAuthenticated)) {
// do stuff here to get the order number and rewrite the URL
} else {
Response.Redirect("/");
}
}
}
Obviously this is greatly simplified from what's actually in there, but
this is the important bit.
The problem is that the check for the user being logged in is failing,
even when I am logged in. It seems that User is null, irrespective of
being logged in or not.
The weird thing is that I previously had that line just as...
if (User.Identity.IsAuthenticated) {
and it worked fine. Just today, I started getting a run time error saying
that the object (which I found out meant User) was null. That's why I
added the extra tests in the if statement. The only change I know of is
that Windows prompted me for an update today, something to do with a
security threat in graphics code. I didn't really take to much notice
unfortunately, but I'm pretty sure it was not related to this.
Anyone any ideas? I'm stuck!! TIA
--
Alan Silver
(anything added below this line is nothing to do with me)
Begin Request is before forms authentication has been done (IIS autheication
has been as IIS does this). You want to use a later event.
-- bruce (sqlwork.com)
"Alan Silver" <al*********@nospam.thanx> wrote in message
news:Sn**************@nospamthankyou.spam... Hello,
I have some pages that are protected by forms authentication, and am
adding code to the global.asax so that if someone tries to load (say)
/order83.aspx, if they are logged in, it will rewrite the url to
/order.aspx?orderid=83, and if they aren't logged in, it will redirect
them to the default page.
The reason for this is that I don't want people seeing the login page if
they aren't site admin folk. If I just let the normal authentication stuff
do it's job, they will be sent to the log in page. Non admin people
shouldn't know that the log in page even exists, so I don't want to show
it to them.
So what I am doing in global.asax is this ...
void Application_BeginRequest(Object sender , EventArgs e) {
string strPath = Request.Path.ToLower();
if (strPath.StartsWith("/order") {
if ((User != null) && (User.Identity != null) &&
(User.Identity.IsAuthenticated)) {
// do stuff here to get the order number and rewrite the URL
} else {
Response.Redirect("/");
}
}
}
Obviously this is greatly simplified from what's actually in there, but
this is the important bit.
The problem is that the check for the user being logged in is failing,
even when I am logged in. It seems that User is null, irrespective of
being logged in or not.
The weird thing is that I previously had that line just as...
if (User.Identity.IsAuthenticated) {
and it worked fine. Just today, I started getting a run time error saying
that the object (which I found out meant User) was null. That's why I
added the extra tests in the if statement. The only change I know of is
that Windows prompted me for an update today, something to do with a
security threat in graphics code. I didn't really take to much notice
unfortunately, but I'm pretty sure it was not related to this.
Anyone any ideas? I'm stuck!! TIA
--
Alan Silver
(anything added below this line is nothing to do with me)
>Begin Request is before forms authentication has been done (IIS autheication has been as IIS does this). You want to use a later event.
Ah, that would explain why User was null!!
Can I do URL rewriting in later events? I thought it had to be done in
BeginRequest.
Thanks
"Alan Silver" <al*********@nospam.thanx> wrote in message
news:Sn**************@nospamthankyou.spam... Hello,
I have some pages that are protected by forms authentication, and am
adding code to the global.asax so that if someone tries to load (say)
/order83.aspx, if they are logged in, it will rewrite the url to
/order.aspx?orderid=83, and if they aren't logged in, it will redirect
them to the default page.
The reason for this is that I don't want people seeing the login page if
they aren't site admin folk. If I just let the normal authentication stuff
do it's job, they will be sent to the log in page. Non admin people
shouldn't know that the log in page even exists, so I don't want to show
it to them.
So what I am doing in global.asax is this ...
void Application_BeginRequest(Object sender , EventArgs e) {
string strPath = Request.Path.ToLower();
if (strPath.StartsWith("/order") {
if ((User != null) && (User.Identity != null) &&
(User.Identity.IsAuthenticated)) {
// do stuff here to get the order number and rewrite the URL
} else {
Response.Redirect("/");
}
}
}
Obviously this is greatly simplified from what's actually in there, but
this is the important bit.
The problem is that the check for the user being logged in is failing,
even when I am logged in. It seems that User is null, irrespective of
being logged in or not.
The weird thing is that I previously had that line just as...
if (User.Identity.IsAuthenticated) {
and it worked fine. Just today, I started getting a run time error saying
that the object (which I found out meant User) was null. That's why I
added the extra tests in the if statement. The only change I know of is
that Windows prompted me for an update today, something to do with a
security threat in graphics code. I didn't really take to much notice
unfortunately, but I'm pretty sure it was not related to this.
Anyone any ideas? I'm stuck!! TIA
--
Alan Silver
(anything added below this line is nothing to do with me)
--
Alan Silver
(anything added below this line is nothing to do with me) This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: baustin75 |
last post by:
Posted: Mon Oct 03, 2005 1:41 pm Post subject: cannot mail() in ie
only when debugging in php designer 2005
--------------------------------------------------------------------------------
...
|
by: Brian Lowe |
last post by:
I'm using Forms authentication with my user data in a SQL db. I have pages
in the main appliaction folder accessible to anonymous users and I've set
security to deny annonymous users access to...
|
by: Matthew |
last post by:
Ok let me try to explain this as good as I can. I am creating this
application where it contains a userlogin class. The user logs in
before entering the main apploication. I want to do audit trails...
|
by: crescent_au |
last post by:
Hi all,
I've written a login/logout code. It does what it's supposed to do but
the problem is when I logout and press browser's back button (in
Firefox), I get to the last login page. In IE,...
|
by: Jay |
last post by:
I have a multi threaded VB.NET application (4 threads) that I use to send
text messages to many, many employees via system.timer at a 5 second
interval. Basically, I look in a SQL table (queue) to...
|
by: AppleBag |
last post by:
I'm having the worst time trying to login to myspace through code. Can
someone tell me how to do this? Please try it yourself before replying,
only because I have asked this a couple of times in...
|
by: gunimpi |
last post by:
http://www.vbforums.com/showthread.php?p=2745431#post2745431
********************************************************
VB6 OR VBA & Webbrowser DOM Tiny $50 Mini Project Programmer help
wanted...
|
by: shrik |
last post by:
I have following error :
Total giant files in replay configuration file are :
File name : /new_file/prob1.rec
Given file /new_file/prob1.rec is successfully verified.
Splitting for giant file...
|
by: Jonathan Wood |
last post by:
I've spent days trying to come up with a solution. I'd appreciate it if
anyone can help.
My site requires all users to log on. There are three different roles of
users, and each user type will...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
| |
