Requested URL and OnLoggedIn event.

Question

User240536124 posted

I'm going to admit that Forms authentication is a weak area for me. This is a my boss, kind of thing. I had it where when a user tried to access an area it prompted a login and then followed the requested URL (if they had permission). The only thing was, if someone just logged in, it didn't automatically send them anywhere... Boss thought that was confusing to have to have people click on something. I added a logged in event and he is all happy. The deal is, I find this all kinds of annoying, because when I'm trying to get to the user page, I first get sent somewhere else and then I have to navigate there.

Question. Is there any way to make a requested URL priority over the logged in event and if there was no requested URL, then to fire the OnLoggedIn event?

My working OnLoggedIn event:

protected void OnLoggedIn(object sender, EventArgs e)
{
if (Roles.IsUserInRole(Login2.UserName, "Admin"))
Response.Redirect("~/Admin/");
else if (Roles.IsUserInRole(Login2.UserName, "User"))
Response.Redirect("~/usr/");

}

Answer 1

User-893317190 posted

Hi jay8anks,

How do you authenticate in your  application?  If you authenticate through web.config, web form framework will automatically pass  a returnUrl parameter to your login page.

The returnUrl is the last page the user visit before they are redirected to login page.You could use this parameter to redirect your user after they login.

Below is my configuration in web.config. The authentication node is under the system.web node in web.config.

  <authentication mode="Forms">
      <forms  loginUrl = "~/Identity/Login.aspx" name = ".ASPXFORMSAUTH"/>
      
    </authentication>
    <authorization >
     
      <deny users="?"/>
    </authorization>

Then if you are not authenticated , it will redirect to  ~/Identity/Login.aspx. In my login.aspx ,I write codes below in page_load.

 Response.Write("your last visted page is :"+HttpUtility.UrlDecode(Request["returnUrl"])); 

And the result.

If you want to allow anonymous user to visit files in a folder , you could write in your web.config as follows.It is under the configuration node in web.config.

And you can specify the folder through path attribute of the location node.

<location path="Identity">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

Best regards,

Ackerly Xu

Answer 2

User-1171043462 posted

Refer

FormsAuthentication.RedirectFromLoginPage: Redirect to ReturnUrl ...

if you are using Forms Authentication.

Answer 3

User240536124 posted

Yes, that is what I was using and it worked and I was happy. This is what happened. User is on public website. User clicks on non-public, user link, user has to login and got redirected to the link they clicked on in the first place. That's fine. I liked this. But if someone was on the public site and just clicked the Login button and logged in, it didn't really do anything except log them in (there really wasn't a return URL in play). At this point they just sat there. If they clicked on a non-public link it would work because they were already logged in, but they had to click it to get there.

This is where the powers that be wanted them to automatically be sent to where they should be by role. They click Login, they end up where they need to be. But if a link was in play, it doesn't matter.  Everyone gets redirected by role and if that's not where you want to be, then you have to click things to get where you want to be. I don't like this.

What I would like is a hybrid. If a link is in play, ReturnURL works. If for some reason, there is no link in play, they get redirected by role.

Right now I know how to do either one. Some way to combine the two would be great.

Thanks.

Answer 4

User-893317190 posted

Hi jay8anks ,

You could consider Request.UrlReferrer to get the last visited page of the user.

Below is my code.

protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                Response.Write("your last visited address:" + Request.UrlReferrer);
                Session["url"] = Request.UrlReferrer.ToString();
            }
          
        }


 protected void Button1_Click(object sender, EventArgs e)
        {
            // ensure that the user's last visited page is in your application
            if (Session["url"].ToString().StartsWith("https://localhost:44328/"))
            {
                Response.Redirect(Session["url"].ToString());
            }
           
        }

The first aspx page UrlToWebService.aspx.(please ignore the name of the aspx page, it doesn't have special meaning)

 <asp:LinkButton ID="LinkButton1" runat="server" PostBackUrl="~/WebForm1.aspx">LinkButton</asp:LinkButton>

The second aspx page  WebForm1.aspx .

 <asp:Button ID="Button1" runat="server" Text="go back" OnClick="Button1_Click" />

The result.

If it isn't what you want , I don't know how they get to the login page if they don't go there by link? If you want to combine your role based redirect ,you could first  check whether the return url string is null , if it is null , you could use your redirect logic based on the role of the user.

Best regards,

Ackerly Xu

Answer 5

User240536124 posted

Do you think it would be possible to request the UrlReferrer on the redirect to the login page and go to it, but if it is null, go to the landing page as assigned by role? I was hoping someone would tell me this was possible in some way...even if not in the way I'm thinking.

protected void OnLoggedIn(object sender, EventArgs e)
{

if (Session["url"].ToString() != null) // May not be the right way to do that. I goof up checking for null strings sometimes.

{

// go to URL

}

else

}

if (Roles.IsUserInRole(Login2.UserName, "Admin"))
Response.Redirect("~/Admin/");
else if (Roles.IsUserInRole(Login2.UserName, "User"))
Response.Redirect("~/usr/");

}

Answer 6

User240536124 posted

I will give you credit on the answer. It was very detailed. I can use that somewhere else. I forgot about Request.UrlReferrer and I have been doing it a little bit different to kind of do the same thing.

After messing around with it for a little bit, I can't believe it was this easy or I wouldn't have asked. Here is what I found.

The Page_load event on the sign-in page does not fire on login. It goes straight to the OnLoggedIn event.

But you can just request the URL from this event and see if there is a ReturnUrl in the Sign-in Url. This seems to work and does exactly what I want. If there is no ReturnUrl, it uses the UserInRole function and sends them exactly where they should go. But if there is a ReturnUrl in the URL, it uses it and and goes right on to where you were going. I manually type in URLs a lot while developing, so this really saves me a lot of ending up in the wrong spot. A lot of other people will never even notice this.

Here is what I did:

string ReferUrl = string.Empty;

protected void OnLoggedIn(object sender, EventArgs e)
{

if ((Request.QueryString["ReturnUrl"] == null))
{
ReferUrl = string.Empty;
}
else
{
if (!string.IsNullOrEmpty(Request.QueryString["ReturnUrl"].ToString()))
{
ReferUrl = Request.QueryString["ReturnUrl"].ToString();

}

}

if (ReferUrl != string.Empty)
{
Response.Redirect(ReferUrl);
}
else
{
if (Roles.IsUserInRole(Login2.UserName, "Admin"))
Response.Redirect("~/Admin/");
else if (Roles.IsUserInRole(Login2.UserName, "User"))
Response.Redirect("~/usr/");
}

}

Thanks!

Answer 7

User-893317190 posted

Hi jay8anks,

I think your code will redirect the user to her(his) last visited page if it has a returnUrl  and if it doesn't have ,she(he) will be redirected according to her(his) role. 

If you could ensure that all the user in your app is either user or admin, anyone will be redirected after she(he) has logged in, it will work well.

If  your user has the third role, I  suggest your could redirect she(he) to a default aspx page  such as index.aspx.

Best regards,

Ackerly Xu