469,913 Members | 1,947 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,913 developers. It's quick & easy.

How to change a redirect when using forms-based authentication

Depending on user permissions, I would like to be able to change a redirect
to disallow certain users from going to a bookmarked page for which they
should have no access. Is there a way to modify the redirect in the
<LoginControl>_LoggedIn event?

--
Tim
May 18 '06 #1
2 1128
On Wed, 17 May 2006 18:48:01 -0700, AAOMTim
<AA*****@discussions.microsoft.com> wrote:
Depending on user permissions, I would like to be able to change a redirect
to disallow certain users from going to a bookmarked page for which they
should have no access. Is there a way to modify the redirect in the
<LoginControl>_LoggedIn event?


I think what you are wanting to do is check in the page_load event of
your aspx page. That is, after the authentication has already been
done earlier in the pipeline. What I always do is to check this:

IPrincipal iPrincipal = HttpContext.Current.User;
if (!iPrincipal.Identity.IsAuthenticated)
{
response.redirect...

This way, since I'm looking directly at the cookie I don't have to do
a sql access using Membership.GetUser().

You can also look for roles that are authorized at this point. (that
does take some sql queries though.)

Good luck
Peter Kellner
http://peterkellner.net
May 18 '06 #2
I am trying to avoid adding redirect logic to every page_load event by
handling the redirect directly after the login session.
--
Tim
"PeterKellner" wrote:
On Wed, 17 May 2006 18:48:01 -0700, AAOMTim
<AA*****@discussions.microsoft.com> wrote:
Depending on user permissions, I would like to be able to change a redirect
to disallow certain users from going to a bookmarked page for which they
should have no access. Is there a way to modify the redirect in the
<LoginControl>_LoggedIn event?


I think what you are wanting to do is check in the page_load event of
your aspx page. That is, after the authentication has already been
done earlier in the pipeline. What I always do is to check this:

IPrincipal iPrincipal = HttpContext.Current.User;
if (!iPrincipal.Identity.IsAuthenticated)
{
response.redirect...

This way, since I'm looking directly at the cookie I don't have to do
a sql access using Membership.GetUser().

You can also look for roles that are authorized at this point. (that
does take some sql queries though.)

Good luck
Peter Kellner
http://peterkellner.net

May 18 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Damo | last post: by
10 posts views Thread by Bob Garbados | last post: by
6 posts views Thread by Peter Row | last post: by
2 posts views Thread by Big E | last post: by
1 post views Thread by Andy Todd | last post: by
7 posts views Thread by Markus McGee | last post: by
3 posts views Thread by Brad Rogers | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.