I have a site that has a mix of http and https pages. Under the root of the site, one folder has all the http pages and another has all the https pages. Login is over https and sends the user to the other pages. When a session expires the forms authentication redirects to the Login page but the browser uses http and the user gets a 403 error. Is there any way to override the session timeout to send it to https?
View 1 Replies
Building asp.C# shopping app that is using a hosted payment page to process payments (using posting of data to a hosted payment page). SSL certificate is signed and installed.
Flow:
Prelim) (HTTPS) Users authenticate using asp Login control
1) Users add items to cart.
2) (HTTPS)Users go to checkout page.
3) Users finalize their order, then click pay now after agreeing to T&C.
4) Server gets cart data (from MSSQL2005) and sets a transaction cookie (expiry set to 20 mins).
5) (HTTPS) Server Response.Redirects to an html page (in the same folder as the login protected pages).
6) Html page reads transaction cookie data and generates form fields.
7) (HTTPS) Html page posts data to hosted payment page (php).
8) User enters payment info and clicks pay now.
9) (HTTPS) hosted payment page posts info back to a .aspx page that checks if payment OK.
10a) If payment !OK, redirects to a declined page.
10b) (HTTPS) If payment OK, sets a verification cookie (expiry set to 20 mins). Then redirects to another html page.
11) Html page reads cookie data and generates form fields.
12) (HTTPS) Html page posts data to hosted verification page (php).
13) Verification page verifies (of course), if transaction ok.
14) (HTTPS) verification page posts data to a .aspx page that checks if verification OK.
15) If verification OK, process orders and do receipt stuff.
Issue:
This control flow was tested on an unsigned dev environment. SSL was being enforced, if needed on the unsigned SSL certificate. So we'd get prompts that certificate may be bad, but the control flow worked seamlessly.
However, now live with a signed SSL certificate, going from step 5 to 6, we are encountering a situation where some users (not duplicated every time, but verified that it does occur) when they click pay now and are redirected to the html page, they are forced back to the ~/login.aspx page (as if they were logged out).
Things to note:
a) The session did not time out.
b) The browsers have cookies and javascript enabled.
c) I can process the entire flow seamlessly on the same machine with other accounts, and occasionally, the same account.
So, basically, I'm stumped... Is this a viewstate error? A login control bug that won't let me redirect to an html page because it is now using a real SSL? Anyone have any experience with this kind of deal? I'm at a loss for solutions at this point.
I have my website in which there are free links and links that require login. Free links open even if the user is not logged in. But in case of links that require login, redirect to login.aspx specified in Web.Config in loginURL tag.
I want some way to override this and show Ajax modal popup (Ajax extender toolkit) with login control for only thos links that require login (not for the free links).
I need to create an application with Forms Authentication and/or Windows Authentication. If the application is set to use mixed authentication (Forms + Windows Auth) and the user don't have a Windows user account, the login will fail and he must be redirected to a forms login page. How can I do this?
Are there any different way to provide mixed authentication?
I have a home page that is very design-specific, down to the pixel. It needs to have username/password/login, but I can't have it showing any error messages there. There is a separate standalone login page that is not design-specific and can show any messages. It's using the standard Login control.Is there an easy way to link the two so that if an error occurs on the home page the standalone page comes up with the errors?
View 2 Repliesi redirect a page from http to https using http module begin request handler .i am calling webservice using ajax but it is saying webserice not defined .which otherwise works fineits work fine when rediect page in page_load instead .but i need to add function for https to http in every page. i still not know why ajax is not working when i use http module for redirect
View 3 RepliesI have made a web page in which there is login screen when user login it goes next page but my problem is if i directly enter the url of that page it open. I want it should not open unless the user log in...
View 1 RepliesI'm trying to develop a simple web application where I need to redirect to main.aspx after successful login attempt in login.aspx page.However,it is redirecting the page to defualt.aspx... Is there a way to redirect my application to main.aspx??
View 3 RepliesI want to redirect to login page when any page is idle for 5 minutes and after re login I want to redirect to the page user is earlier in .
View 2 RepliesI am using built-in asp.net Role and membership provider in my website. when user login to my system they are redirected to hompage. how should i code it. that when he click on login button page check its role and then decide where to redirect. Suppose user login with name John and "john" is "Admin" then application Redirect him to AdminPanel.aspx and if User john is normal "RegUser" Role then redirect him into Home.aspx.
View 1 RepliesIn logout link's click event i have written Session.Abandon() that will destroy the Session state.I am also handling Session_End event that is fired afterward (written in Global.asax). But one more thing i want is that after Session ends, login page should be redirected (opened).
For that i wrote:
[Code]....
This is working fine on the surface, but after applying debugging i saw that there were unexpected number of calls to Session_Start and Session_End events for two times, then login page was opened.
Why Session_Start and Session_End was called two times ? If i left this process as it is working then may i get some serious error in future ?
I have created an order checkout page.when i click checkout button then it check user login or not if not then it redirect to login page .after login i want to show
my previous link page
I have two sites that are app1 and app2. If a user requests a resource in app2, in order to authenticate, I like to redirect to the login page which is in app1. Once authenticated over there, return back to app2.
View 1 RepliesI am trying to redirect a user to a member only web page after the login page.
I have the following web forms.
LoginForm.aspx
PublicForm.aspx (anyone can see)
SecureForm.aspx (members only)
In the Web.config, I included
Code:
<authentication mode="Forms">
<forms name="Login"
loginUrl="LoginForm.aspx"
protection="All"
slidingExpiration="true"
path="/">
</forms>
</authentication>
<authorization>
<deny users="*"/>
</authorization>
<location path="PublicForm.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="SecureForm.aspx">
<system.web>
<authorization>
<deny users="guest"/>
<allow users="member"/>
</authorization>
</system.web>
</location>
</authorization>
For the Login button in the LoginForm.aspx, I used this
Code:
FormsAuthentication.RedirectFromLoginPage(txtID.Text.Trim, False)
This code directs me to the Default.aspx which has nothing in it.
I will have a 404 if I take out the Default.aspx.
usually in asp.net mvc there is thing [authorize]...which will allow users only after authetication...but this works on in bulit logins in asp..
now am creating my own login...with user name and password...afteri logout...when user tries to access the home of my it should redirect to login page...and the cache should be cleared
I have 1 master page and Home.aspx page. Home.aspx page is using the master page.. In master page i have two textbox and and menu control and button. Textbox are used for login and password. by default Home.aspx opens.....Now when user login then i check the user exist of not in my master page codebehind and then redirect to Home.aspx but this time i want the textbox and button not to be visible. In master page i used session to store the login is true or not and the usertype and then redirect to Home.aspx. but i am not able to use the session.
View 15 RepliesI am Creating a Webapplication. In that i kept Login options where users can login. Some users access the data without login. I want when user want to access without login it should redirect to login page.
View 5 RepliesI have myown login page.If any user access any page directly(without login),i want to redirect unauthorized user to login page....How it possible.....Using Generic Handler is there any chance? or how can i do it ?
View 2 RepliesI got a role call "Staff", staff registration is done by admin so when creating a new staff only need their name, user name, password and e-mail. After registering, i wan to redirect the staff to the creating profile page to input their contact number and self-description which is a must for later use. For first time login staff, how do i compare and see if the contact and description profile is empty or not? If it is empty, then redirect to the create profile page, else just go to staff page.
I trying to do like making each different role redirect to their own page once they had login. For now when the user login they will remain in the same page showing the login template. How do i do that?
[code]....
I want to centralize authentication that developers are free to worry about the implementation of security. I dont want to validate the authentication at each request like
public class HomeController : BaseController
{
public ActionResult Home()
{
if (Request.IsAuthenticated == true)
{
return RedirectToAction("Home", "Member");
}
return View();
}
public ActionResult Resources()
{
if (Request.IsAuthenticated == true)
{
return RedirectToAction("Resources", "Member");
}
return View();
}
}
In an asp.net mvc website, the site has enable forms authentication. The form login page is located in an area such as:
Area: Area1, Controller: Account, Action: Login
When a user is not yet authenticated and click on a link that requires authentication, the user is redirected to the login page. This does occur and redirect to the login page specify above. However during debug, it was found the area value is not included in the RouteData.Values object. That is, the RouteData.Values object has ONLY the follow value:
Controller: Account
Action: Login
In this case, it is presumed that the MVC application by default searches for the appropriate controller and action without consideration for including the area value. On contrast when I direct click on a link that directs to login page, all processing occurs as expected, i.e. the area value is included in the RouteData.Values object. Is there a work around for this?
In web application, after login "ReturnUrl" going to last visited page. How to set to go default.aspx.
I declared code in web.config like this.
<forms name="FormsAuth" loginUrl="Default.aspx" defaultUrl="Default.aspx"
path="/" timeout="200" slidingExpiration="true">
But If I close application at /Private/Admin/ReviewIssue.aspx page.
When I start again application in login page url has like this
[URL]
I want from login page to Default.aspx only.
I use with the code below. But i've got 2 login screens, but both should redirect to another page. But he always takes the page in the web.config. so how can i change that page when i push the login button? What should i change to the function below? The normal page redirects to: ~/shoppingcard.aspx But i want to redirect the function below to : ~/shoppingcard.asxp?p=2
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
if (Membership.ValidateUser(Login1.UserName, Login1.Password))
{
FormsAuthentication.RedirectFromLoginPage(Login1.UserName.ToString(), false);
}
}
FileUpload works OK on my local site. When I moved my web application to a web host server, I tested to upload a file with this application, It's OK to upload file to the server before login. But after login, the FileUpload kept redirecting to login page without uploading.
View 10 RepliesJust a simple question. After I click login button, I want to page be redirected to display.aspx.
View 1 Replies
