I've spent days trying to come up with a solution. I'd appreciate it if
anyone can help.
My site requires all users to log on. There are three different roles of
users, and each user type will have access to a completely different set of
pages. "Client" pages are in the root folder and "Admin" and "Trainer" pages
each have their own subfolders.
The problem is that when a user goes to the domain, I want to redirect
"Admin" and "Trainer" users to the appropriate subfolder.
I tried to redirect users in response to the LoggedIn event handler for the
Login control (even though the Roles object has not been initialized then).
That works but if the user clicks the "remember me" box, they can come back
to the site, still logged in, without firing this event.
So I tried to put code in /Default.aspx to test for "Admin" or "Trainer"
users but, since these users don't have access to /Default.aspx, that code
never runs for these users.
So then I tried something like the following:
protected void Application_PostAcquireRequestState(object sender, EventArgs
e)
{
string url = HttpContext.Current.Request.RawUrl;
if (url.EndsWith("Default.aspx", StringComparison.OrdinalIgnoreCase))
{
switch (Users.GetRole())
{
case Users.UserRoles.RoleAdmin:
HttpContext.Current.Server.Transfer("~/Admin/Default.aspx");
break;
case Users.UserRoles.RoleTrainer:
HttpContext.Current.Server.Transfer("~/Trainer/Default.aspx");
break;
}
}
}
Note: Users.GetRole is a custom routine and works when called.
This approach is just plain messy. It's hard to determine exactly when the
user is actually being taken to the default page. If they haven't logged on,
ASP.NET will be redirecting the user to my login page. Then, when I click
"logout," it prevents the page being redirected to the login page. I just
can't seem to make this work reliably.
Any suggestions?
Thanks.
--
Jonathan Wood
SoftCircuits Programming http://www.softcircuits.com 9  2308 
It seems to me that there's a flaw in your requirement. I would think that
when the user goes to the Home Page initially, you might want to redirect
them, but that they may want to come back to a different page (perhaps
bookmarked) at another time. So, I would think that when the user initially
logs in, you may want to redirect them, and the only other time you might
want to redirect them is when they initially visit the home page. In that
case, if they have a Cookie, you just check to Referer of the Request to see
if they have come from another domain or just started up their browser. If
the HttpReferer is within the domain, you would not want to redirect them.
--
HTH,
Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP
"Jonathan Wood" <jw***@softcircuits.comwrote in message
news:u5**************@TK2MSFTNGP03.phx.gbl...
I've spent days trying to come up with a solution. I'd appreciate it if
anyone can help.
My site requires all users to log on. There are three different roles of
users, and each user type will have access to a completely different set
of pages. "Client" pages are in the root folder and "Admin" and "Trainer"
pages each have their own subfolders.
The problem is that when a user goes to the domain, I want to redirect
"Admin" and "Trainer" users to the appropriate subfolder.
I tried to redirect users in response to the LoggedIn event handler for
the Login control (even though the Roles object has not been initialized
then). That works but if the user clicks the "remember me" box, they can
come back to the site, still logged in, without firing this event.
So I tried to put code in /Default.aspx to test for "Admin" or "Trainer"
users but, since these users don't have access to /Default.aspx, that code
never runs for these users.
So then I tried something like the following:
protected void Application_PostAcquireRequestState(object sender,
EventArgs e)
{
string url = HttpContext.Current.Request.RawUrl;
if (url.EndsWith("Default.aspx", StringComparison.OrdinalIgnoreCase))
{
switch (Users.GetRole())
{
case Users.UserRoles.RoleAdmin:
HttpContext.Current.Server.Transfer("~/Admin/Default.aspx");
break;
case Users.UserRoles.RoleTrainer:
HttpContext.Current.Server.Transfer("~/Trainer/Default.aspx");
break;
}
}
}
Note: Users.GetRole is a custom routine and works when called.
This approach is just plain messy. It's hard to determine exactly when the
user is actually being taken to the default page. If they haven't logged
on, ASP.NET will be redirecting the user to my login page. Then, when I
click "logout," it prevents the page being redirected to the login page. I
just can't seem to make this work reliably.
Any suggestions?
Thanks.
--
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
Kevin,
It seems to me that there's a flaw in your requirement. I would think that
when the user goes to the Home Page initially, you might want to redirect
them, but that they may want to come back to a different page (perhaps
bookmarked) at another time. So, I would think that when the user
initially logs in, you may want to redirect them, and the only other time
you might want to redirect them is when they initially visit the home
page.
I'm sorry but I don't understand this reply at all. How does any of this
conflict with my requirements? The code in my last solution only redirects
them if the home page is being requested. Perhaps you are thinking about the
solution that redirects them once they've logged in. My requirements would
be happy to only redirect them when they go to the home page initially. The
problem is I've found no way to reliably do that.
In that case, if they have a Cookie, you just check to Referer of the
Request to see if they have come from another domain or just started up
their browser. If the HttpReferer is within the domain, you would not want
to redirect them.
Since I'm new to ASP.NET, I'm not familiar with this but will look into it.
It certainly raises a number of questions in my mind (What happens if they
don't have a cookie? When accessing the home and being redirected by ASP.NET
to my login page, does the referrer show the page they were redirected from
or the page they had previously? And what happens if the browser is opened
to my page--there is no referrer page?)
Thanks.
--
Jonathan Wood
SoftCircuits Programming http://www.softcircuits.com
--
HTH,
Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP
"Jonathan Wood" <jw***@softcircuits.comwrote in message
news:u5**************@TK2MSFTNGP03.phx.gbl...
>I've spent days trying to come up with a solution. I'd appreciate it if
anyone can help.
My site requires all users to log on. There are three different roles of
users, and each user type will have access to a completely different set
of pages. "Client" pages are in the root folder and "Admin" and "Trainer"
pages each have their own subfolders.
The problem is that when a user goes to the domain, I want to redirect
"Admin" and "Trainer" users to the appropriate subfolder.
I tried to redirect users in response to the LoggedIn event handler for
the Login control (even though the Roles object has not been initialized
then). That works but if the user clicks the "remember me" box, they can
come back to the site, still logged in, without firing this event.
So I tried to put code in /Default.aspx to test for "Admin" or "Trainer"
users but, since these users don't have access to /Default.aspx, that
code never runs for these users.
So then I tried something like the following:
protected void Application_PostAcquireRequestState(object sender,
EventArgs e)
{
string url = HttpContext.Current.Request.RawUrl;
if (url.EndsWith("Default.aspx", StringComparison.OrdinalIgnoreCase))
{
switch (Users.GetRole())
{
case Users.UserRoles.RoleAdmin:
HttpContext.Current.Server.Transfer("~/Admin/Default.aspx");
break;
case Users.UserRoles.RoleTrainer:
HttpContext.Current.Server.Transfer("~/Trainer/Default.aspx");
break;
}
}
}
Note: Users.GetRole is a custom routine and works when called.
This approach is just plain messy. It's hard to determine exactly when
the user is actually being taken to the default page. If they haven't
logged on, ASP.NET will be redirecting the user to my login page. Then,
when I click "logout," it prevents the page being redirected to the login
page. I just can't seem to make this work reliably.
Any suggestions?
Thanks.
--
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
Hi Jonathan,
Actually, the "Remember Me" box only remembers their username. If they close
their browser, open a new one, and return to your site they will still have
to log in again. The aspnet Membership cookie is only valid for one browser
session.
The problem, then, is if they don't close the browser at all. Presumably
they are navigating away from your site then navigating back without closing
their browser. I also presume that the method they are using to navigate
back is taking them to a page that they are not allowed to view.
So, I think that the problem you really have is "What do I do if a user
tries to navigate to a page they are not allowed to view?"
Well, obviously the first step is to NOT link them to a page they can't
view. If the "Default.aspx" page at the root of your domain is secured
against some users, then I'd say you should reconsider that design. Maybe
something like this:
/Default.aspx - No security. Auto-redirect if already logged in?
/Admins/Default.aspx - Admin role only.
/Trainers/Default.aspx - Trainer role only.
/Other/Default.aspx - Pages for both admins & trainers??
etc...
That still doesn't stop users from typing whatever the heck they want in the
address bar, so you still need to handle those errors. I'm guessing you have
a default exception page:
global.asax:
void Application_Error(object sender, EventArgs e)
{
// Code that runs when an unhandled error occurs
Server.Transfer("~/UnexpectedError.aspx");
}
So in the page load of "UnexpectedError.aspx" you could check
Server.GetLastError() and if it's a security exception simply redirect to
the default page for their role.
Scott
"Jonathan Wood" <jw***@softcircuits.comwrote in message
news:u5**************@TK2MSFTNGP03.phx.gbl...
I tried to redirect users in response to the LoggedIn event handler for
the Login control (even though the Roles object has not been initialized
then). That works but if the user clicks the "remember me" box, they can
come back to the site, still logged in, without firing this event.
"Jonathan Wood" <jw***@softcircuits.comwrote in message
news:ut**************@TK2MSFTNGP02.phx.gbl...
That's not what it appears to do for me. First off, it does not remember
my user name after being checked. And when I do check it, I can close the
browser, and when I run it again, no login is needed. (This is running it
from Visual Studio.)
My apologies, you appear to be exactly correct.
I've thought about this. I guess it's one option. Most users fall into the
category of Clients and so I wanted them to have the root folder. I'll
give this some more thought though.
I always hate it when people try to change my design instead of help me
solve my problem, so I hesitate to answer other people's questions in that
manner. However, in this case, I really think you'll save yourself a lot of
headaches by creating a "Client" sub-folder. It not only solves your
auto-login problem but also your shared images/css problem.
I'm probably the last person to give advice but anyway.
I have a session variable "LoggedIn" which I explicitly set when the
user logs in (and unset when they logout)
In my MASTER page, in the OnLoad handler (there is probably a better
place to do this) :
- If "LoggedIn" is false AND AppRelativeCurrentExecutionFilePath !=
Default.aspx, I redirect to Default.aspx
In Default.aspx OnLoad
- If logged in is true, I redirect to AdminHome.aspx, UserHome.aspx etc
depending on Role.
There is actually a bit more to it as I am using a MySql Membership
Provider but this seems to work.
>
I've spent days trying to come up with a solution. I'd appreciate it
if
anyone can help.
My site requires all users to log on. There are three different roles
of
users, and each user type will have access to a completely different
set of
pages. "Client" pages are in the root folder and "Admin" and "Trainer"
pages
each have their own subfolders.
The problem is that when a user goes to the domain, I want to redirect
"Admin" and "Trainer" users to the appropriate subfolder.
I tried to redirect users in response to the LoggedIn event handler
for
the
Login control (even though the Roles object has not been initialized
then).
That works but if the user clicks the "remember me" box, they can come
back
to the site, still logged in, without firing this event.
So I tried to put code in /Default.aspx to test for "Admin" or
"Trainer"
users but, since these users don't have access to /Default.aspx, that
code
never runs for these users.
So then I tried something like the following:
protected void Application_PostAcquireRequestState(object sender,
EventArgs
e)
{
string url = HttpContext.Current.Request.RawUrl;
if (url.EndsWith("Default.aspx",
StringComparison.OrdinalIgnoreCase))
{
switch (Users.GetRole())
{
case Users.UserRoles.RoleAdmin:
HttpContext.Current.Server.Transfer("~/Admin/Default.aspx");
break;
case Users.UserRoles.RoleTrainer:
HttpContext.Current.Server.Transfer("~/Trainer/Default.aspx");
break;
}
}
}
Note: Users.GetRole is a custom routine and works when called.
This approach is just plain messy. It's hard to determine exactly when
the
user is actually being taken to the default page. If they haven't
logged on,
ASP.NET will be redirecting the user to my login page. Then, when I
click
"logout," it prevents the page being redirected to the login page. I
just
can't seem to make this work reliably.
Any suggestions?
Thanks.
--
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
Scott,
>That's not what it appears to do for me. First off, it does not remember
my user name after being checked. And when I do check it, I can close the
browser, and when I run it again, no login is needed. (This is running it
from Visual Studio.)
My apologies, you appear to be exactly correct.
Personally, I've found the default functionality of that box confusing.
I always hate it when people try to change my design instead of help me
solve my problem, so I hesitate to answer other people's questions in that
manner. However, in this case, I really think you'll save yourself a lot
of headaches by creating a "Client" sub-folder. It not only solves your
auto-login problem but also your shared images/css problem.
Well, I'm new enough to ASP.NET that I'm interested in all ideas. In some
ways, it's not as clean a design, but you're right, in solves a number of
problems nicely.
Thanks.
--
Jonathan Wood
SoftCircuits Programming http://www.softcircuits.com
Ian,
I have a session variable "LoggedIn" which I explicitly set when the
user logs in (and unset when they logout)
In my MASTER page, in the OnLoad handler (there is probably a better
place to do this) :
- If "LoggedIn" is false AND AppRelativeCurrentExecutionFilePath !=
Default.aspx, I redirect to Default.aspx
In Default.aspx OnLoad
- If logged in is true, I redirect to AdminHome.aspx, UserHome.aspx etc
depending on Role.
There is actually a bit more to it as I am using a MySql Membership
Provider but this seems to work.
As currently implemented, this wouldn't work for me because the roles that
need to be redirected do not have access to Default.aspx, and the code could
never run.
Thanks.
--
Jonathan Wood
SoftCircuits Programming http://www.softcircuits.com
Hi Jonathan,
The HttpRequest.UrlReferer property contains the Uri of the Referer. And
yes, if they have just opened their browser there will be no referer.
--
HTH,
Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP
"Jonathan Wood" <jw***@softcircuits.comwrote in message
news:uu**************@TK2MSFTNGP06.phx.gbl...
Kevin,
>It seems to me that there's a flaw in your requirement. I would think
that when the user goes to the Home Page initially, you might want to
redirect them, but that they may want to come back to a different page
(perhaps bookmarked) at another time. So, I would think that when the
user initially logs in, you may want to redirect them, and the only other
time you might want to redirect them is when they initially visit the
home page.
I'm sorry but I don't understand this reply at all. How does any of this
conflict with my requirements? The code in my last solution only redirects
them if the home page is being requested. Perhaps you are thinking about
the solution that redirects them once they've logged in. My requirements
would be happy to only redirect them when they go to the home page
initially. The problem is I've found no way to reliably do that.
>In that case, if they have a Cookie, you just check to Referer of the
Request to see if they have come from another domain or just started up
their browser. If the HttpReferer is within the domain, you would not
want to redirect them.
Since I'm new to ASP.NET, I'm not familiar with this but will look into
it. It certainly raises a number of questions in my mind (What happens if
they don't have a cookie? When accessing the home and being redirected by
ASP.NET to my login page, does the referrer show the page they were
redirected from or the page they had previously? And what happens if the
browser is opened to my page--there is no referrer page?)
Thanks.
--
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
>--
HTH,
Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP
"Jonathan Wood" <jw***@softcircuits.comwrote in message
news:u5**************@TK2MSFTNGP03.phx.gbl...
>>I've spent days trying to come up with a solution. I'd appreciate it if
anyone can help.
My site requires all users to log on. There are three different roles of
users, and each user type will have access to a completely different set
of pages. "Client" pages are in the root folder and "Admin" and
"Trainer" pages each have their own subfolders.
The problem is that when a user goes to the domain, I want to redirect
"Admin" and "Trainer" users to the appropriate subfolder.
I tried to redirect users in response to the LoggedIn event handler for
the Login control (even though the Roles object has not been initialized
then). That works but if the user clicks the "remember me" box, they can
come back to the site, still logged in, without firing this event.
So I tried to put code in /Default.aspx to test for "Admin" or "Trainer"
users but, since these users don't have access to /Default.aspx, that
code never runs for these users.
So then I tried something like the following:
protected void Application_PostAcquireRequestState(object sender,
EventArgs e)
{
string url = HttpContext.Current.Request.RawUrl;
if (url.EndsWith("Default.aspx", StringComparison.OrdinalIgnoreCase))
{
switch (Users.GetRole())
{
case Users.UserRoles.RoleAdmin:
HttpContext.Current.Server.Transfer("~/Admin/Default.aspx");
break;
case Users.UserRoles.RoleTrainer:
HttpContext.Current.Server.Transfer("~/Trainer/Default.aspx");
break;
}
}
}
Note: Users.GetRole is a custom routine and works when called.
This approach is just plain messy. It's hard to determine exactly when
the user is actually being taken to the default page. If they haven't
logged on, ASP.NET will be redirecting the user to my login page. Then,
when I click "logout," it prevents the page being redirected to the
login page. I just can't seem to make this work reliably.
Any suggestions?
Thanks.
--
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
Right.
--
Jonathan Wood
SoftCircuits Programming http://www.softcircuits.com
"Kevin Spencer" <un**********@nothinks.comwrote in message
news:uo**************@TK2MSFTNGP02.phx.gbl...
Hi Jonathan,
The HttpRequest.UrlReferer property contains the Uri of the Referer. And
yes, if they have just opened their browser there will be no referer.
--
HTH,
Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP
"Jonathan Wood" <jw***@softcircuits.comwrote in message
news:uu**************@TK2MSFTNGP06.phx.gbl...
>Kevin,
>>It seems to me that there's a flaw in your requirement. I would think
that when the user goes to the Home Page initially, you might want to
redirect them, but that they may want to come back to a different page
(perhaps bookmarked) at another time. So, I would think that when the
user initially logs in, you may want to redirect them, and the only
other time you might want to redirect them is when they initially visit
the home page.
I'm sorry but I don't understand this reply at all. How does any of this
conflict with my requirements? The code in my last solution only
redirects them if the home page is being requested. Perhaps you are
thinking about the solution that redirects them once they've logged in.
My requirements would be happy to only redirect them when they go to the
home page initially. The problem is I've found no way to reliably do
that.
>>In that case, if they have a Cookie, you just check to Referer of the
Request to see if they have come from another domain or just started up
their browser. If the HttpReferer is within the domain, you would not
want to redirect them.
Since I'm new to ASP.NET, I'm not familiar with this but will look into
it. It certainly raises a number of questions in my mind (What happens if
they don't have a cookie? When accessing the home and being redirected by
ASP.NET to my login page, does the referrer show the page they were
redirected from or the page they had previously? And what happens if the
browser is opened to my page--there is no referrer page?)
Thanks.
--
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
>>--
HTH,
Kevin Spencer
Chicken Salad Surgeon
Microsoft MVP
"Jonathan Wood" <jw***@softcircuits.comwrote in message
news:u5**************@TK2MSFTNGP03.phx.gbl...
I've spent days trying to come up with a solution. I'd appreciate it if
anyone can help.
My site requires all users to log on. There are three different roles
of users, and each user type will have access to a completely different
set of pages. "Client" pages are in the root folder and "Admin" and
"Trainer" pages each have their own subfolders.
The problem is that when a user goes to the domain, I want to redirect
"Admin" and "Trainer" users to the appropriate subfolder.
I tried to redirect users in response to the LoggedIn event handler for
the Login control (even though the Roles object has not been
initialized then). That works but if the user clicks the "remember me"
box, they can come back to the site, still logged in, without firing
this event.
So I tried to put code in /Default.aspx to test for "Admin" or
"Trainer" users but, since these users don't have access to
/Default.aspx, that code never runs for these users.
So then I tried something like the following:
protected void Application_PostAcquireRequestState(object sender,
EventArgs e)
{
string url = HttpContext.Current.Request.RawUrl;
if (url.EndsWith("Default.aspx", StringComparison.OrdinalIgnoreCase))
{
switch (Users.GetRole())
{
case Users.UserRoles.RoleAdmin:
HttpContext.Current.Server.Transfer("~/Admin/Default.aspx");
break;
case Users.UserRoles.RoleTrainer:
HttpContext.Current.Server.Transfer("~/Trainer/Default.aspx");
break;
}
}
}
Note: Users.GetRole is a custom routine and works when called.
This approach is just plain messy. It's hard to determine exactly when
the user is actually being taken to the default page. If they haven't
logged on, ASP.NET will be redirecting the user to my login page. Then,
when I click "logout," it prevents the page being redirected to the
login page. I just can't seem to make this work reliably.
Any suggestions?
Thanks.
--
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Stu |
last post by:
Hi All,
I have an ASP.NET application to which I have implemented forms
authentication to handle security. It is a relatively straight forward
solution with all aspx pages residing in the root...
|
by: jjjooooohhnnn |
last post by:
Greetings,
I have encountered what appears to be a fairly common problem:
RedirectFromLoginPage is not redirecting to RedirectUrl. I have tried
all the advice that I could on the 'net, and...
|
by: Denise |
last post by:
I have posted a similar message in 2 other forums but got no response. I
have spent more hours than I can count researching this. Can anyone provide
some insight...?
Our ASP.Net application...
|
by: Gary Coutts |
last post by:
Hi,
I am have problems redirecting from a login page. The login page is simple,
with just 2 textboxes and one button. On the button click the routine below
is called:
I am using:
Visual...
|
by: Morpheus |
last post by:
I am trying to test a function that outputs text to the standard
output, presumably using a cout call. I do not have access to the
source, but need to test the output. Is this possible?
I can...
|
by: vaskardutta |
last post by:
Kindly Send Me The Detailed Code For:
redirecting Users On The Click Of The Submit Button
Based On The Selections From Multiple List Boxes In Asp Forms.
Please Send Me The Details(code...
|
by: mansb2002 |
last post by:
Hi,
We recently moved our webserver from Win2K to Win2003. The application
works fine. Only problem is that when user views a report as a PDF, IE
does not show it. The following code is used to...
|
by: amygdala |
last post by:
Hello all,
I have posted a similar question in comp.lang.php in the past, but haven't
had any response to it then. I kinda swept the problem under the rug since
then. But I would really like to...
|
by: Jeremy |
last post by:
I have a web app that contains forms authentication to protect
subdirectory called "admin" by denying anonymous users. When I request
a protected resource in the admin directory I am presented with...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |
