Security :: Response.Redirect To Current Page With Cookieless Authentication?

Mar 30, 2011

I have a logon/register control that is on several pages. Users are logged on with code: - FormsAuthentication.SetAuthCookie(Userid, False) Response.Redirect(Request.Url.AbsoluteUri) ' Round trip is necessary to complete logon

All this was working OK, except that there was a problem with Internet Explorer users: if their browser had the default privacy setting the authorization cookie was rejected. There was no message, but they were not logged on. See [URL] To try to solve this problem I changed to cookieless authentication, but now the logon control doesn't work. The problem is that after cookieless authentication the URL changes from

[URL]

However Request.Url.AbsoluteUri remains http://localhost:3641/TestGDB/login_pages/home2.aspx even after the logon, and so with cookieless authentication the user is not logged on as there is no authentication ticket in the redirect URL.

The problem is "solved" by changing the Redirect statement to Response.Redirect("~/login_pages/home2.aspx") which works perfectly for this particular page, but is obviously wrong when the control is on other pages.

How do I write "Response.Redirect(current page)"?

View 1 Replies


Similar Messages:

Web Forms :: Append CustomPrice To The Current Page's Query String Before The Response.Redirect Takes Place

Apr 25, 2010

I have a page that is used to add info from a gridview into a user's profile. I have explained my issues after all of the code. Here is the applicable code(s) involved:

Protected Sub AddToCart(ByVal sender As Object, ByVal e As CommandEventArgs)
For Each gvr In GridViewItems.Rows
Dim txtGiftAmt As TextBox = (CType(gvr.FindControl("txtGiftAmt"), TextBox))
If txtGiftAmt.Visible = True Then
Dim customPrice As String = txtGiftAmt.Text.ToString
'HERE is where I would like to set the new price variable value somehow
End If
Next
Dim scart As New ShoppingCart
scart.AddCartItem(e.CommandArgument.ToString())
Response.Redirect("~/ShoppingCart.aspx")
End Sub

This sub is called by the following button when clicked:

[Code]....

Here is the sub from the ShoppongCart Class named AddCartItem:

[Code]....

Here is the problem that I am having: I have one specific item that allows user's to define their own price (for this item only). By putting this price in a session variable seems to be the easiest way to handle this (at least for me), but the session variable's value always "lags behind". By this I mean that the first time the items is entered, it uses the default value of cartItem.ItemPrice. The second time the same item is added (with the intention of a different price), this new item's cartItem.ItemPrice is set
as the first session("customPrice").

Because the user is selecting his/her own price for this item, I am not worried about lack of security involved with using query string to pass this price, but I can't get the string passed to the ShoppingCart class correctly (shows up null). Is there a way to append this customPrice to the current page's query string before the Response.Redirect takes place? If I understand this correctly, the Response portion "posts back" to the current page before the Redirect sends us on our merry way, right?

View 3 Replies

Security :: Implement Cookieless Authentication In .net?

Apr 1, 2010

how can i implement cookieless authentication in .net??

View 5 Replies

Security :: Response.Redirect Not Redirecting To Page After LoginUser.LoggedIn?

Jul 30, 2010

I just observed something with the .net 3.5 VS2010 Login control. It seems to response.redirect is doing
something I cant explain:

[Code]....

after I hit the response.redirect all that is happening is that I stay on the login page and the URL
changes to http://localhost:50324/Account/Login.aspx?ReturnUrl=%2fAccount%2fAdmin%2fApproval.aspx

Why am I not properly redirected? I used server.transfer, that put me on the right page (Approval.aspx) BUT as soonas I clicked a button, I was back at Login.aspx.

View 4 Replies

Security :: How To Redirect Page If Authentication Fails

Aug 12, 2010

we would like to redirect the user to a given page if the authentication to our SharePoint site fails (i.e. the standard windows login prompt pops up three times - we are using windows authentication). No matter what option we try it always ends up bringing the user back to a blank page.

We have tried writing a HttpModule (and catch the if Response.StatusCode = 401), which doesn't seem to fire any events if the user is not authenticated. We have tried writing a HttpHandler, but of course we can redirect the user if there is an error code but can't continue onto the desired site if not. We have tried doing the following in the web.config:

<customErrors mode="Off">
<error statusCode="401" redirect="http://social.msdn.microsoft.com"/>
</customErrors>

Which doesn't work, again taking us to a blank page.

View 3 Replies

Security :: NT Authentication Fails Redirect To Default Page

Dec 16, 2010

I am in the process of designing application in case user authentication if failed i need to redirect to default page (NT Authentication). Is there any way you can redirect the user on IIS if the user is fail go through the NT authenticaiton at IIS level.Options 1 : Always land the user to defalut page and validate there and redirect to site based on the access give the directory level access. I am looking if there any options to let the user to default page in case user access is denied.

View 4 Replies

HttpContext.Current.Response.Redirect With Visual Studion 2010?

Mar 23, 2011

As I have migrated Web Application from 3.5 (VS 2008 ) to 4.0 Vs (2010)

Now i am having problem with Response.Redirect

As I in .aspx pages i have found the following solution and it is working fine.

old Code with is not Working in Vs2010

[code]....

But now I need to Redirect from the class librarySo can any one guide me on the same.. i can i redirect .. AS I have try with HttpContext.Current.Response.Redirect(strURL); but it is not working.

View 1 Replies

Web Forms :: Response.Redirect - Redirect To Error Page ... ?

Mar 6, 2011

I have a problem with Response.Redirect to specific error page.

so far i have something like :

protected void Page_Load(object sender, EventArgs e)
{

if ((Request.QueryString["UbytovaniePrispevokID"].ToString()) == "")[code]......

What i want to do is.. I have one main page with new posts Each subject of the new post is the link to Another page where is Specific post and coments and user can leave a coment.

What I want is when the Request.QueryString["UbytovaniePrispevokID"].ToString()) == "" or null I want to redirect to error page ...

View 3 Replies

Redirect To Other Page From Pop Up Window With Response.redirect?

Feb 13, 2010

how can i redirect to other page from pop up window with response.redirect.

View 2 Replies

Web Forms :: PDF Response.redirect Security Pop Up?

Jan 26, 2010

In one section of my site I have a response.redirect that calls a PHP script and returns to PDF file to a save/open dialog box.

This works -

Response.Redirect("http://webaddress.com/get_proof.php?rep=" & rep.ToString("000")
& "&filename=" & ViewState("sjobnoproof") &
"_s.pdf")

In another section i get the security warning from IE on the top. Users have to say yes and page refreshes and they to go back and do it again.

Response.Redirect("http://webaddress.com/get_ar.php?path=" & ViewState("reportsfranid")
& "_ADMIN/Client Files/Group" & ViewState("reportsgroup") &
"/" & ViewState("reportsrepid") &
"_" & ViewState("reportslastname") &
"&filename=" &
"CON_Modified.pdf")

View 3 Replies

AJAX :: HTMLEditor & Cookieless Authentication?

Jun 22, 2010

I put an HTMLEditor Control (aka Editor) into a webpage and set the forms authentication to cookielessLike so

<authentication mode="Forms">

View 2 Replies

Security - Forms Authentication Without Redirect?

Feb 2, 2010

I am using ASP.Net's forms authentication, but do not want the default behavior of redirecting to a login page when a restricted area is accessed. Instead I would like to invoke a javascript JQuery dialog for the login on the current page, preventing the content behind from loading.My only issue is that by default the forms authentication wants to redirect. Is there a handler that I can hook into, or some other option to prevent the redirect?

View 3 Replies

Security :: Authentication - Redirect URL For Different Roles?

Mar 10, 2010

I am currently having a spot of bother in something im trying to create. I want it so when a user who is in a certain role logs in they are directed to a certain page, and any other normal users are directed to another page.

I think i have this sorted via code but...

-The first time it will work, the 'admin' user will get directed to the appropriate page

-I then log out and log in as a normal user and get directed to the appropriate page

-then when i log out of that users account and back into the admin one i get directed to the normal users page instead.

-additional to this, I tried it on a different machine logging in as the admin user only to be redirected to the normal users page (is my session being stored somewhere?)

Ive traced through the problem and the user name and password being subbmitted are what they should be, yet it skips the true part of my IF statement for being in that role.

Here is my code I am using on the login form:

[Code]....

-When stepping through if seen it work and not work with the same values, I cant understand the logic of its inconsistency

the code i am using for the logout is (this is on my masterpage):

[Code]....

View 4 Replies

Security :: Redirect URL And Forms Authentication (VS2010)?

Jul 12, 2010

We just switched to VS2010 and seems like the forms authentication is behaving differently.

Our setup is that we have a default page (default.aspx) so that if you link to the root folder of the site, rather than a specific page, you get switched to default.aspx.

In addition, we have a working forms authentication system set up so that if you try to go to any of the pages you get redirected to a login.aspx page.

The login page can either redirect you to the forms authentication default page (default.aspx) or to the requested URL.

I'm not the one that configured this originally, but it looks like we are getting the originally requested URL from the authentication redirect, since Page.Request.Url = "http://.../Login.aspx/ReturnURL=<requestedpage>"

The problem is that this is failing to work when the original url is the root folder. In VS2008, <requestedpage> would be "/rootfolder/default.aspx", whereas now (in VS2010) we're getting "/rootfolder/". In other words, the site redirect used to be happening before the authentication check, and now it seems to be happening afterwards.

This is a problem because when we are checking to see if we need to redirect to something other than the default page, we check to see if the return URL is empty or matches the authentication defaultURL (which is also "default.aspx". If it matches, we go straight to the default page. If it doesn't we do some processing and then do the redirect. The extra processing is producing strange results when the browser is redirected to the rootfolder and therefore to the default page.

For now, I'm able to additionally test for Request + "default.aspx" (which resolved to the authenticaiton defaultURL), but this feels clunky and I can see headaches in the future if we ever need to rename default.aspx.

P.S. It has occurred to me that it's possible that something changed in web.config or another setup file when we did our conversion to VS2010. I can't find it, but that doesn't mean it's not there.

View 2 Replies

Security :: SiteMinder Authentication - Redirect From One Application To Another?

Jun 4, 2010

I have a web application that is using siteminder for authentication.

I want to redirect to application that is siteminder enabled. This application might be using site minder forms authentication.

What parameters i need to pass to that application? And what details i will need of that application.

View 1 Replies

Security :: Redirect On Forms Authentication Timeout?

Nov 3, 2010

how to redirect to a custom URL on Forms Authentication timeout? The timeout is working but it is only caught when I try to go to a page in my application because each Page_Load method is wrapped in a custom IsLoggedIn method. Here is the settings I have so far in the Web.config.

[Code]....

View 1 Replies

State Management :: Cookieless Sessions And IIS6 Causes A Redirect Loop

Aug 9, 2010

I have an ASP .NET website that uses cookieless sessions When the initial request is made to the site IE just displays the standard "Internet Explorer cannot display the webpage" message Firefox displays the following message: The page isn't redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete. *This problem can sometimes be caused by disabling or refusing to accept cookies. The site works fine with my development server and under IIS6. If I switch off cookieless sessions then everything is fine

View 3 Replies

Restricting Certain Pages -- Redirect On Every Page? Or On Master Page By Viewing Current Page In Url?

Feb 6, 2011

Per different user mode, some pages should not be accessible by users unless they have a valid session key.In your opinions -- would it be better to have a list of acceptable pages in the master page, and check if the current page is valid for the current user? Or handle this on every child page?I'm thinking master page, just want to hear what your input would be.

View 2 Replies

Security :: Forms Authentication Across A Subdomain And The Redirect URL Failure?

Apr 9, 2010

Here's my scenario.

I've got a site called domain.com and also another product on product.domain.com. The product.domain.com requires authentication to access it. For consistancy in the user experience I have set the login url in the web.config on product.domain.com to be http://domain.com/Login.aspx. This redirection is working ok - and a sample url would be:

http://domain.com/Login.aspx?RedirectURL=/default.aspx

The problem is that the RedirectURL does not take into account that the request originally came from product.domain.com so when the authentication is successful the user is not redirected back to product.domain.com

I have come up with a solution for this but would like feedback if possible.

I changed the loginURL in the web.config to http://domain.com/Login.aspx?domain=product.domain.com so the sample url is now:

http://domain.com/Login.aspx?domain=product.domain.com&ReturnURL=Default.aspx

I then override the LoggedIn event in the membership control and check to see if the domain value pair is specified and if it is I redirect to the domain + ReturnURL.

As I said previously i'd appreciate any comments or other ways to achieve the same result.

View 1 Replies

Security :: Redirect From Web.config When Forms Authentication Failed?

Mar 7, 2011

I am using forms authentication to authenticate users. Application has multiple folders and one of the folders has its own web.config

[Code]....

I want to redirect the user to "info.aspx" instead of "login.aspx"Root has the following web config

[Code]....

View 8 Replies

C# - Redirect To Current Page?

Apr 21, 2010

How can I perform a redirect with Server.Transfer() to the same page that is currently shown. I want to have A cleared form after submit.

View 2 Replies

Security :: Forms Authentication Cookie Not Changing Current User Identity

Jan 21, 2010

I am having a problem with security in a web application I am building using Visual Web Developer 2008. I am using Forms Authentication:

<authentication mode="Forms">
<forms name=".MYAUTH" timeout="20" enableCrossAppRedirects="true" />
</authentication>

And a SQL Server database with ASP.NET Membership and Roles. I am using the LoginView control with the AnonymousTemplate and LoggedInTemplate to manage the user's interaction with logging in and out. The problem I am having is that I am authenticating the user against the database:

If Membership.ValidateUser(_userName, _txtLoginPass.Text)
Then returns True and:
FormsAuthentication.SetAuthCookie(_userName, False)
sets the cookie correctly:
FormsAuthentication.Decrypt(FormsAuthentication.GetAuthCookie(_userName, False).Values(0))
{System.Web.Security.FormsAuthenticationTicket} CookiePath: "/"
Expiration: #1/21/2010 1:42:27 PM#
Expired: False
IsPersistent: False
IssueDate: #1/21/2010 1:22:27 PM#
Name: "jaymo "
UserData: ""
Version: 2
but when I check
HttpContext.Current.User.Identity.IsAuthenticated it always returns False.
If done this before and it worked fine. I cannot find any mistake I might have made or where something might have changed between ASP.NET 2.0 and 3.5.

View 2 Replies

Get Previous Page URL After Response.Redirect?

Sep 27, 2010

I'm trying to get the previous page URL after I do a response write and i've looked around the web and people are using HTTP_REFERER but that doesn't work with Response.Redirect so is there anyway to get the URL of the previous page?

I have this code on a few pages and i need to know which page it is coming from when it gets to the servererror/default.aspx page

Response.Redirect("servererror/default.aspx?404")

And on my servererror/default.aspx page i'm just trying to grab the previous page URL and put it into the Session Session("ErrorPage")

UPDATE

I have now got it to work like this

Response.Redirect("server-error.aspx?404&" & Request.Url.ToString())

That passes the URL of the page with the error to the next page and I then grab that from the Query String

View 3 Replies

Response - Unable To Redirect The Page

Aug 22, 2010

I had a problem lately that I managed to have for it 2 solutions and I am wondering which one should I choose. Here the issue : When a user requests my site ( www..com), I am gonna redirect him to (www..com/en) because it is a multilingual site. I am using .NET routing to to that. In the Page_Load of the default.aspx page I check if the language in the Routing Collection is available, I don't redirect. If it is not available I redirect to (www._.com/en). Here is the code :

if (Page.RouteData.Values.Count == 0)
{
if (SessionManager.IsUserAuthenticated)
{
//Redirect To User HomePage for his Main Language
Page.Response.Redirect(UserManager.GetUserMainPageWhenLoggedIn(SessionManager.LoggedUser.LanguageID,true));
}
else
{
Page.Response.Redirect(String.Format("~/{0}", Cultures.en.ToString()), true);
Helpers.SetCulture(Cultures.en.ToString());
}
}
I am using Response.Redirect to do that. Now if I set to End The Response the method parameter, it will throw an exception so I can handle it throught
try
{
this.InitializeLayout();
}
catch (ThreadAbortException ex)
{
}
catch (Exception ex)
{
ExceptionManager.LogException(ex);
}

If I don't end the Response, the page will execute the whole lifecyle, redirect and then do it again which results a double execution of the page. My main objective is not to execute the page 2 times to minimize processing ( if the site gets hammered by a big traffic). If I end the Response, a ThreadAbortExeption will be thrown and I think this is not good for the site.( I can catch it and not log it).

View 2 Replies

Web Forms :: Execute The Response And Update The Current Page? 

Sep 15, 2010

I am generating Word docs from a gridview. The Word doc gets sent to the client using a Resposne object. However, I would also like to highlight the row in question and update a file generation log display (another gridview).

All the data fucntions on the server side fire fine, but any visual updates to the current page never hit the client. The Response object seems to take over the entire response.

Is there any way to accomplish both: execute the Response and update the current page?

View 3 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved