RedirectFromLoginPage

I think you can do this in the IIS Manager, select the site and then remove
everything but your chosen page. You may also have to add this to the filter
which allows n types of extensions through

--

OHM ( Terry Burns )
. . . One-Handed-Man . . .
If U Need My Email ,Ask Me

Time flies when you don't know what you're doing

"rufus" <he***@online.de> wrote in message news:ci**********@online.de...

Hi,

I like using RedirectFromLoginPage because it redirects back to the
originally requested page after successful login. However, if the
originally requested page was the login form then it automatically redirects to default.aspx.

How can I preserve this redirection behaviour but specify a different page
to redirect to (other than default.aspx)?

Thanks in advance.

Rufus,

Here is the core logic of my login.aspx page. It does what you want.

If you goto the login.aspx page while already logged in, it will log you
out. (This is a nice feature, so that you can have a "sign out" link on
every page)

If you go directly to the login.aspx page (before being logged in), it
redirects you to page of choice after logging in. (mine happens to be
"hours.aspx")

If you do login succesfully, then attempt to go to page your are not
autherized to go to, it will redirect you back to the login page and explain
why. (cool)

If you attempt to go to a page before logging in it will (of course)
redirect to login page, with an explanation of what happened. (normally I
have the error message commented out, since users already undestand they
need to login before using site)
Hope this isn't information overload, but there is a lot of useful stuff
going on here that I wanted to share. :^)

PS: My login.aspx page mimics hotmail's login; it has a "don't remember
username on public computer" feature. (It did have a remember password
checkbox also, but that is commented out here.)

If anything is not clear, just ask!
Greg
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here

If Not Page.IsPostBack Then

Dim returnUrl As String = Request.QueryString("ReturnUrl")
If Not (returnUrl = Nothing) Then

' Is the user currently authenticated??
If User.Identity.IsAuthenticated Then
' If YES, then they must be here because they attempted
to access a page
' that they do not have authorization to access

' throw them back to default, not where they were trying
to go
' do this in case cannot login with correct role...
ViewState("RedirectHome") = True
lblReason.Text = "You have arrived at the login page for
the following reason:<br><br>"
lblReason.Text &= "You are not in the correct role to
view the page that your were attempting to view.<br><br>"
Else
' If NO, then they must be here because they attempted
to access a page
' and they have not yet been authenticated
lblReason.Text = "You have arrived at the login page for
the following reason:<br><br>"
lblReason.Text &= "You are not currently
authenticated.<br><br>"
End If
Else
' returnURL is blank, user must have purposefully went to
login page

' if currently sign in, sign em out...
If User.Identity.IsAuthenticated Then
' Redirect to requested URL, or homepage if no previous
page requested
FormsAuthentication.SignOut()
' not running Session.Abandon(), Session.Clear() will
run if sucessful sign in occurs
' don't see need to do it...
'Session.Abandon()
'Response.Redirect("login.aspx")
End If
End If

' prefill username from previous login...
If Not Request.Cookies("RememberMe") Is Nothing AndAlso
Request.Cookies("RememberMe").Value = "1" Then
chkRememberMe.Checked = True
Request.Cookies.Remove("Username")
End If

If Not Request.Cookies("Username") Is Nothing Then
Dim sCookieValue As String =
Request.Cookies("Username").Value
txtUsername.Text = sCookieValue
SetFocus(txtPassword.ClientID)
Else
SetFocus(txtUsername.ClientID)
End If

End If
End Sub

Private Sub LoginClick()

If Not Page.IsValid Then Exit Sub

' Attempt to Validate User Credentials...
Dim EmpID As Integer = eTime.Security.Login(txtUsername.Text,
txtPassword.Text)

If EmpID > 0 Then

' don't do a Session.Abandon, that would get GetEmployeeDetails
to run twice
' once below and again in Session_Start
Session.Clear() ' clear any previous logins!!!

' Lookup the employee's full account details
Dim myEmpDetails As eTime.EmployeeDetails =
eTime.EmployeesDB.GetEmployeeDetails(EmpID)
Session("MyDetails") = myEmpDetails ' save it away!!!

If myEmpDetails.Disabled = True Then

ignoreconditionvalidator1.ErrorMessage = "This account has
been disabled."
ignoreconditionvalidator1.IsValid = False
Exit Sub

ElseIf myEmpDetails.ForcePWDChange = True Then
pnlLogin.Visible = False
pnlPWDChange.Visible = True

SetFocus(txtNew.ClientID)

' save EmpID in viewstate in case sits on change pwd page
longer than session timeout...
ViewState("EmpID") = EmpID
ViewState("PasswordHashWithoutSalt") =
eTime.Security.CreatePasswordHashWithoutSalt(txtPa ssword.Text)
Exit Sub
End If

Authenticate(EmpID, myEmpDetails.Roles)

Else

ignoreconditionvalidator1.ErrorMessage = "Invalid username or
password. Please try again."
ignoreconditionvalidator1.IsValid = False
SetFocus(txtPassword.ClientID)
End If
End Sub

Private Sub Authenticate(ByVal EmpID As Integer, ByVal Roles As String)
' Create a new ticket used for authentication
' Make the cookie persistent only if the user selects "persistent"
login checkbox

Dim ticket As FormsAuthenticationTicket = New
FormsAuthenticationTicket(1, _
EmpID.ToString, _
DateTime.Now, _
DateTime.Now.AddHours(12), _
False, _
Roles)

Dim cookie As HttpCookie = New
HttpCookie(FormsAuthentication.FormsCookieName)
cookie.Value = FormsAuthentication.Encrypt(ticket)

'If (chkRememberLogin.Checked) Then cookie.Expires =
ticket.Expiration 'not currently using this

Response.Cookies.Add(cookie)

If Not chkRememberMe.Checked Then
Dim cook1 As New HttpCookie("Username")
cook1.Expires = DateTime.MaxValue
cook1.Value = txtUsername.Text.ToLower
Response.Cookies.Add(cook1)
Else
Response.Cookies.Remove("Username")
End If

Dim cook2 As New HttpCookie("RememberMe")
cook2.Expires = DateTime.MaxValue 'now.AddDays(1)
If chkRememberMe.Checked Then
cook2.Value = "1"
Else
cook2.Value = "0"
End If
Response.Cookies.Add(cook2)

Dim returnUrl As String
' Redirect to requested URL, or homepage if no previous page
requested (returnURL = nothing when clicked on logout)
returnUrl = Request.QueryString("ReturnUrl")
If (returnUrl = Nothing) Or Not ViewState("RedirectHome") Is Nothing
Then returnUrl = "~\hours.aspx"
' Don't call FormsAuthentication.RedirectFromLoginPage since it
could
' replace the authentication ticket (cookie) we just added
Response.Redirect(returnUrl, False)
End Sub

Private Sub SetFocus(ByVal clientID As String)
Dim strjscript As String = "<script language=""javascript"">"
strjscript &= "document.getElementById(""" & clientID &
""").focus();"
strjscript &= "</script" & ">" 'Don't Ask, Tool Bug
Page.RegisterStartupScript("MYsetfocus", strjscript)
End Sub

"rufus" <he***@online.de> wrote in message news:ci**********@online.de...

Hi,

I like using RedirectFromLoginPage because it redirects back to the
originally requested page after successful login. However, if the
originally requested page was the login form then it automatically
redirects
to default.aspx.

How can I preserve this redirection behaviour but specify a different page
to redirect to (other than default.aspx)?

Thanks in advance.

Much appreciated Greg. A good chance for me to get my hands dirty :)

"Greg Burns" <greg_burns@DONT_SPAM_ME_hotmail.com> wrote in message
news:%2***************@TK2MSFTNGP15.phx.gbl...

Rufus,

Here is the core logic of my login.aspx page. It does what you want.

If you goto the login.aspx page while already logged in, it will log you
out. (This is a nice feature, so that you can have a "sign out" link on
every page)

If you go directly to the login.aspx page (before being logged in), it
redirects you to page of choice after logging in. (mine happens to be
"hours.aspx")

If you do login succesfully, then attempt to go to page your are not
autherized to go to, it will redirect you back to the login page and explain why. (cool)

If you attempt to go to a page before logging in it will (of course)
redirect to login page, with an explanation of what happened. (normally I
have the error message commented out, since users already undestand they
need to login before using site)
Hope this isn't information overload, but there is a lot of useful stuff
going on here that I wanted to share. :^)

PS: My login.aspx page mimics hotmail's login; it has a "don't remember
username on public computer" feature. (It did have a remember password
checkbox also, but that is commented out here.)

If anything is not clear, just ask!
Greg
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here

If Not Page.IsPostBack Then

Dim returnUrl As String = Request.QueryString("ReturnUrl")
If Not (returnUrl = Nothing) Then

' Is the user currently authenticated??
If User.Identity.IsAuthenticated Then
' If YES, then they must be here because they attempted to access a page
' that they do not have authorization to access

' throw them back to default, not where they were trying to go
' do this in case cannot login with correct role...
ViewState("RedirectHome") = True
lblReason.Text = "You have arrived at the login page for the following reason:<br><br>"
lblReason.Text &= "You are not in the correct role to
view the page that your were attempting to view.<br><br>"
Else
' If NO, then they must be here because they attempted
to access a page
' and they have not yet been authenticated
lblReason.Text = "You have arrived at the login page for the following reason:<br><br>"
lblReason.Text &= "You are not currently
authenticated.<br><br>"
End If
Else
' returnURL is blank, user must have purposefully went to
login page

' if currently sign in, sign em out...
If User.Identity.IsAuthenticated Then
' Redirect to requested URL, or homepage if no previous page requested
FormsAuthentication.SignOut()
' not running Session.Abandon(), Session.Clear() will
run if sucessful sign in occurs
' don't see need to do it...
'Session.Abandon()
'Response.Redirect("login.aspx")
End If
End If

' prefill username from previous login...
If Not Request.Cookies("RememberMe") Is Nothing AndAlso
Request.Cookies("RememberMe").Value = "1" Then
chkRememberMe.Checked = True
Request.Cookies.Remove("Username")
End If

If Not Request.Cookies("Username") Is Nothing Then
Dim sCookieValue As String =
Request.Cookies("Username").Value
txtUsername.Text = sCookieValue
SetFocus(txtPassword.ClientID)
Else
SetFocus(txtUsername.ClientID)
End If

End If
End Sub

Private Sub LoginClick()

If Not Page.IsValid Then Exit Sub

' Attempt to Validate User Credentials...
Dim EmpID As Integer = eTime.Security.Login(txtUsername.Text,
txtPassword.Text)

If EmpID > 0 Then

' don't do a Session.Abandon, that would get GetEmployeeDetails to run twice
' once below and again in Session_Start
Session.Clear() ' clear any previous logins!!!

' Lookup the employee's full account details
Dim myEmpDetails As eTime.EmployeeDetails =
eTime.EmployeesDB.GetEmployeeDetails(EmpID)
Session("MyDetails") = myEmpDetails ' save it away!!!

If myEmpDetails.Disabled = True Then

ignoreconditionvalidator1.ErrorMessage = "This account has
been disabled."
ignoreconditionvalidator1.IsValid = False
Exit Sub

ElseIf myEmpDetails.ForcePWDChange = True Then
pnlLogin.Visible = False
pnlPWDChange.Visible = True

SetFocus(txtNew.ClientID)

' save EmpID in viewstate in case sits on change pwd page
longer than session timeout...
ViewState("EmpID") = EmpID
ViewState("PasswordHashWithoutSalt") =
eTime.Security.CreatePasswordHashWithoutSalt(txtPa ssword.Text)
Exit Sub
End If

Authenticate(EmpID, myEmpDetails.Roles)

Else

ignoreconditionvalidator1.ErrorMessage = "Invalid username or
password. Please try again."
ignoreconditionvalidator1.IsValid = False
SetFocus(txtPassword.ClientID)
End If
End Sub

Private Sub Authenticate(ByVal EmpID As Integer, ByVal Roles As String) ' Create a new ticket used for authentication
' Make the cookie persistent only if the user selects "persistent"
login checkbox

Dim ticket As FormsAuthenticationTicket = New
FormsAuthenticationTicket(1, _
EmpID.ToString, _
DateTime.Now, _
DateTime.Now.AddHours(12), _
False, _
Roles)

Dim cookie As HttpCookie = New
HttpCookie(FormsAuthentication.FormsCookieName)
cookie.Value = FormsAuthentication.Encrypt(ticket)

'If (chkRememberLogin.Checked) Then cookie.Expires =
ticket.Expiration 'not currently using this

Response.Cookies.Add(cookie)

If Not chkRememberMe.Checked Then
Dim cook1 As New HttpCookie("Username")
cook1.Expires = DateTime.MaxValue
cook1.Value = txtUsername.Text.ToLower
Response.Cookies.Add(cook1)
Else
Response.Cookies.Remove("Username")
End If

Dim cook2 As New HttpCookie("RememberMe")
cook2.Expires = DateTime.MaxValue 'now.AddDays(1)
If chkRememberMe.Checked Then
cook2.Value = "1"
Else
cook2.Value = "0"
End If
Response.Cookies.Add(cook2)

Dim returnUrl As String
' Redirect to requested URL, or homepage if no previous page
requested (returnURL = nothing when clicked on logout)
returnUrl = Request.QueryString("ReturnUrl")
If (returnUrl = Nothing) Or Not ViewState("RedirectHome") Is Nothing Then returnUrl = "~\hours.aspx"
' Don't call FormsAuthentication.RedirectFromLoginPage since it
could
' replace the authentication ticket (cookie) we just added
Response.Redirect(returnUrl, False)
End Sub

Private Sub SetFocus(ByVal clientID As String)
Dim strjscript As String = "<script language=""javascript"">"
strjscript &= "document.getElementById(""" & clientID &
""").focus();"
strjscript &= "</script" & ">" 'Don't Ask, Tool Bug
Page.RegisterStartupScript("MYsetfocus", strjscript)
End Sub

"rufus" <he***@online.de> wrote in message news:ci**********@online.de...

Hi,

I like using RedirectFromLoginPage because it redirects back to the
originally requested page after successful login. However, if the
originally requested page was the login form then it automatically
redirects
to default.aspx.

How can I preserve this redirection behaviour but specify a different page to redirect to (other than default.aspx)?

Thanks in advance.