Security :: Authentication - Redirect URL For Different Roles?
Mar 10, 2010
I am currently having a spot of bother in something im trying to create. I want it so when a user who is in a certain role logs in they are directed to a certain page, and any other normal users are directed to another page.
I think i have this sorted via code but...
-The first time it will work, the 'admin' user will get directed to the appropriate page
-I then log out and log in as a normal user and get directed to the appropriate page
-then when i log out of that users account and back into the admin one i get directed to the normal users page instead.
-additional to this, I tried it on a different machine logging in as the admin user only to be redirected to the normal users page (is my session being stored somewhere?)
Ive traced through the problem and the user name and password being subbmitted are what they should be, yet it skips the true part of my IF statement for being in that role.
Here is my code I am using on the login form:
[Code]....
-When stepping through if seen it work and not work with the same values, I cant understand the logic of its inconsistency
the code i am using for the logout is (this is on my masterpage):
[Code]....
View 4 Replies
Similar Messages:
Jun 3, 2010
What I want I'm trying to do seems very simple, but I'm having difficulty in understanding what modifications (properties or classes) to make and where (web.config? source code? master.site?)
All I'm attempting to do, using the login.aspx script in Visual Studio 2010, and based on the roles to which I had configured in the ASP.NET configurator, to include access rules, is redirect users to different URLs based upon whether they are Admin or Manager or User.
I'm seeing many different suggestions on the internet, I don't know where to start. =/
View 4 Replies
Jul 4, 2010
I have implemented membership and enable role based on. I have 2 roles "admin" and "super_admin" and once the user login, I want to redirect them to different folder based on their role. My guess is, the redirection need to be determined once the user clicked login on the login control and here is my code.
[Code]....
However, whenever the user login (regardless of admin or super_admin) the page keeps redirection to Anyone/Default.aspx.
View 5 Replies
Oct 26, 2010
Is there a tutorial on how to redirect user to a specific web page based on his/her role? For example, I have teacher role and student role. When the teachers login, it will redirect the teacher to the teacher web page and the students redirected to the student web page.
View 1 Replies
Feb 14, 2010
I am developing a website in which I am using ASP.NET Form Authentication and everything is working fine as I am expecting. I can authenticate user from login form, I can read user roles from database and can add authenticate ticket in which user roles are stored as user data etc. etc.
Now I want to give user a page where user can update his roles in the database by selecting any role he/she want from the list of checkboxes. I know how to update the user roles in database but I want to know how to update user roles in the authentication cookie after database update.
Let's say in the start user is in "Seller" and "Buyer" role and later he want to become member of "Agent" role as well and he update his roles from the given page and everything is updated in database. Now according to database user is member of three roles but User.IsInRole("Agent") method is returning me false because the new role "Agent" is not updating in the authentication cookie.
How can I update a newly added role in authentication cookie when user is still logged in.
View 4 Replies
Sep 12, 2010
I am using Formsauthentication. My situation is as per below:
the login form has codebehind :
protected void LoginButton_Click(object sender, EventArgs e)
{
TextBox uname = Login1.FindControl("UserName") as TextBox;
TextBox pass = Login1.FindControl("Password") as TextBox;
CheckBox rm = Login1.FindControl("RememberMe") as CheckBox;
Literal fail = Login1.FindControl("Literal1") as Literal;
if (Membership.ValidateUser(uname.Text, pass.Text))
[Code].....
Now the problem is that when I try to login with proper credentials it first redirects to default.aspx( there is no such page in my project), after login again with same credentials it properly redirects to the correct page. Why such problem arises? to fix this?
View 6 Replies
Feb 2, 2010
I am using ASP.Net's forms authentication, but do not want the default behavior of redirecting to a login page when a restricted area is accessed. Instead I would like to invoke a javascript JQuery dialog for the login on the current page, preventing the content behind from loading.My only issue is that by default the forms authentication wants to redirect. Is there a handler that I can hook into, or some other option to prevent the redirect?
View 3 Replies
Jul 12, 2010
We just switched to VS2010 and seems like the forms authentication is behaving differently.
Our setup is that we have a default page (default.aspx) so that if you link to the root folder of the site, rather than a specific page, you get switched to default.aspx.
In addition, we have a working forms authentication system set up so that if you try to go to any of the pages you get redirected to a login.aspx page.
The login page can either redirect you to the forms authentication default page (default.aspx) or to the requested URL.
I'm not the one that configured this originally, but it looks like we are getting the originally requested URL from the authentication redirect, since Page.Request.Url = "http://.../Login.aspx/ReturnURL=<requestedpage>"
The problem is that this is failing to work when the original url is the root folder. In VS2008, <requestedpage> would be "/rootfolder/default.aspx", whereas now (in VS2010) we're getting "/rootfolder/". In other words, the site redirect used to be happening before the authentication check, and now it seems to be happening afterwards.
This is a problem because when we are checking to see if we need to redirect to something other than the default page, we check to see if the return URL is empty or matches the authentication defaultURL (which is also "default.aspx". If it matches, we go straight to the default page. If it doesn't we do some processing and then do the redirect. The extra processing is producing strange results when the browser is redirected to the rootfolder and therefore to the default page.
For now, I'm able to additionally test for Request + "default.aspx" (which resolved to the authenticaiton defaultURL), but this feels clunky and I can see headaches in the future if we ever need to rename default.aspx.
P.S. It has occurred to me that it's possible that something changed in web.config or another setup file when we did our conversion to VS2010. I can't find it, but that doesn't mean it's not there.
View 2 Replies
Jun 4, 2010
I have a web application that is using siteminder for authentication.
I want to redirect to application that is siteminder enabled. This application might be using site minder forms authentication.
What parameters i need to pass to that application? And what details i will need of that application.
View 1 Replies
Aug 12, 2010
we would like to redirect the user to a given page if the authentication to our SharePoint site fails (i.e. the standard windows login prompt pops up three times - we are using windows authentication). No matter what option we try it always ends up bringing the user back to a blank page.
We have tried writing a HttpModule (and catch the if Response.StatusCode = 401), which doesn't seem to fire any events if the user is not authenticated. We have tried writing a HttpHandler, but of course we can redirect the user if there is an error code but can't continue onto the desired site if not. We have tried doing the following in the web.config:
<customErrors mode="Off">
<error statusCode="401" redirect="http://social.msdn.microsoft.com"/>
</customErrors>
Which doesn't work, again taking us to a blank page.
View 3 Replies
Nov 3, 2010
how to redirect to a custom URL on Forms Authentication timeout? The timeout is working but it is only caught when I try to go to a page in my application because each Page_Load method is wrapped in a custom IsLoggedIn method. Here is the settings I have so far in the Web.config.
[Code]....
View 1 Replies
Dec 16, 2010
I am in the process of designing application in case user authentication if failed i need to redirect to default page (NT Authentication). Is there any way you can redirect the user on IIS if the user is fail go through the NT authenticaiton at IIS level.Options 1 : Always land the user to defalut page and validate there and redirect to site based on the access give the directory level access. I am looking if there any options to let the user to default page in case user access is denied.
View 4 Replies
Apr 9, 2010
Here's my scenario.
I've got a site called domain.com and also another product on product.domain.com. The product.domain.com requires authentication to access it. For consistancy in the user experience I have set the login url in the web.config on product.domain.com to be http://domain.com/Login.aspx. This redirection is working ok - and a sample url would be:
http://domain.com/Login.aspx?RedirectURL=/default.aspx
The problem is that the RedirectURL does not take into account that the request originally came from product.domain.com so when the authentication is successful the user is not redirected back to product.domain.com
I have come up with a solution for this but would like feedback if possible.
I changed the loginURL in the web.config to http://domain.com/Login.aspx?domain=product.domain.com so the sample url is now:
http://domain.com/Login.aspx?domain=product.domain.com&ReturnURL=Default.aspx
I then override the LoggedIn event in the membership control and check to see if the domain value pair is specified and if it is I redirect to the domain + ReturnURL.
As I said previously i'd appreciate any comments or other ways to achieve the same result.
View 1 Replies
Mar 7, 2011
I am using forms authentication to authenticate users. Application has multiple folders and one of the folders has its own web.config
[Code]....
I want to redirect the user to "info.aspx" instead of "login.aspx"Root has the following web config
[Code]....
View 8 Replies
Mar 30, 2011
I have a logon/register control that is on several pages. Users are logged on with code: - FormsAuthentication.SetAuthCookie(Userid, False) Response.Redirect(Request.Url.AbsoluteUri) ' Round trip is necessary to complete logon
All this was working OK, except that there was a problem with Internet Explorer users: if their browser had the default privacy setting the authorization cookie was rejected. There was no message, but they were not logged on. See [URL] To try to solve this problem I changed to cookieless authentication, but now the logon control doesn't work. The problem is that after cookieless authentication the URL changes from
[URL]
However Request.Url.AbsoluteUri remains http://localhost:3641/TestGDB/login_pages/home2.aspx even after the logon, and so with cookieless authentication the user is not logged on as there is no authentication ticket in the redirect URL.
The problem is "solved" by changing the Redirect statement to Response.Redirect("~/login_pages/home2.aspx") which works perfectly for this particular page, but is obviously wrong when the control is on other pages.
How do I write "Response.Redirect(current page)"?
View 1 Replies
Mar 7, 2011
I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.
Here is my current code
[Code]....
View 2 Replies
May 17, 2010
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
View 6 Replies
Sep 7, 2010
I am developing a website in which i am using forms authentication. We have 2 log in pages.one for user another for admin. I added this code into webconfig file for user.
<forms loginUrl="Login.aspx" defaultUrl="Home.aspx" >
I am using this code for user side when user successfully logged in.
FormsAuthentication.RedirectFromLoginPage (UserName.Text, chkPersistCookie.Checked)
I am not using the default user membership database.i have my own data base in sql server 2005 I want same thing for admin,but the default url is Admin.aspx & login url is adminlogin.aspx for admin. How can i assign in web config file for admin?
View 2 Replies
Dec 13, 2011
I have the requirement for internal users to acces our web app without loggin in manually so using windows authentication, external users need to be refered to a form based authentication.
Now I have implemented the solution [URL] ....
However I also need to employ roles for authorization. The forms side is all set up but I cannot seem to get it to work for the windows side of things, looking for implementing a mixed mode involving roles?
I tried adding in an extra provider
<providers>
<add name="SqlRoleManager" type="System.Web.Security.SqlRoleProvider" connectionStringName="aspnetdbConnection_dev" applicationName="Corp.Web.GSP"/>
but how to configure it for usse only by the windows users. Secondly if I set it as the default where I have code like
if (Roles.IsUserInRole("Internal") || Roles.IsUserInRole("SysAdmin") || Roles.IsUserInRole("Sales"))
{
I get an
Method is only supported if the user name parameter matches the user name in the current Windows Identity error
<add name="WindowsRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
View 5 Replies
Mar 2, 2010
I am not really sure if this post should go in the Security section or the Active Directory / LDAP section....with that being said I am looking for advice on how to best accomplish my goal(s), I am working with FORMS authentication, using active directory (across 2 domains). I have got authenticating working correctly based upon the article at: [URL] now - my questions:
1. What is the best way to deal with roles? What I would like to do is restrict access to my application so that only the users that are authorized to use the application can login - not everyone in the AD. My gut feeling tells me I would use an AD group for this. Furthermore, a subset of these users in this group will be allowed to access the data maintenance forms
2. Ideally, in a perfect world, I would like to write this authentication piece as a separate project - this way it could be used for multiple projects - the only thing different would be the AD groups it would be checking. Is there a way that I could set which AD groups or roles in each projects web.config?
Am I approaching this the correct way? What is typically done?
View 7 Replies
Apr 24, 2010
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
View 1 Replies
Apr 16, 2010
my application is running under asp.net 2.0 and in iis 5.0 (Windows XP) in my machine.config, i have the following setting
[code]...
whenever i go to my default.aspx page, it seems it doesn't redirect to login.aspx.
View 5 Replies
Jul 14, 2010
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 Replies
Jan 4, 2011
What's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 Replies
Mar 10, 2010
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 Replies
