locked
Redirect to a particular page is login is successful RRS feed

  • Question

  • User810354248 posted

    In my asp.net and VB web i am using this code for login form

     Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
            RegisterHyperLink.NavigateUrl = "Register"
            OpenAuthLogin.ReturnUrl = Request.QueryString("ReturnUrl")
            Dim returnUrl = HttpUtility.UrlEncode(Request.QueryString("ReturnUrl"))
            If Not [String].IsNullOrEmpty(returnUrl) Then
                RegisterHyperLink.NavigateUrl += "?ReturnUrl=" & returnUrl
            End If
        End Sub
    
        Protected Sub LogIn(sender As Object, e As EventArgs)
            If IsValid Then
                ' Validate the user password
                Dim manager = New UserManager()
                Dim user As ApplicationUser = manager.Find(UserName.Text, Password.Text)
    
                If user IsNot Nothing Then
                    IdentityHelper.SignIn(manager, user, RememberMe.Checked)
                    IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)
    
                Else
                    FailureText.Text = "Invalid username or password."
                    ErrorMessage.Visible = True
                End If            
            End If
        End Sub

    if the login is successful then i want to redirect to this page

    Response.Redirect("~/DashBoard.aspx")

    Friday, September 8, 2017 3:21 PM

Answers

  • User475983607 posted

    This is the section that signs in the user if the username and password is found.

    If user IsNot Nothing Then
       IdentityHelper.SignIn(manager, user, RememberMe.Checked)
       IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)

    Just replace the existing redirect with the one that you want.

    If user IsNot Nothing Then
    	IdentityHelper.SignIn(manager, user, RememberMe.Checked)
    	Response.Redirect("~/DashBoard.aspx")

    Or perhaps

    If user IsNot Nothing Then
    	IdentityHelper.SignIn(manager, user, RememberMe.Checked)
    	IdentityHelper.RedirectToReturnUrl("~/DashBoard.aspx", Response)

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, September 8, 2017 4:42 PM
  • User475983607 posted

    Thanks for the reply. I tried it is not working.

    i had added code in all pages like this

     Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
            If Session("userid") = Nothing Then
                Response.Redirect("~/Account/Login.aspx?Url=" & Server.UrlEncode(Request.Url.AbsoluteUri))
            End If
        End Sub

    i had tried the both suggestions.

    All of the redirects to default.aspx page

    i  also want to use the user ID as the query string also. in the dashboard page.

    The original post indicates that you are using Identity.  This later code suggest that you've built a custom authorization framework or a competing framework using Session for storing the UserID.  Storing user credentials in Session is considered a bad programming practice.  Passing the UserId in a querystring is a serious security vulnerability.

    Anyway, Identity handles unauthenticated redirects automatically.  So you should use Identity as indented.

    Keep in mind that Response.Redirect, has been around a long time and it is well tested.  The problem is your design.  If you are building a custom authentication framework then you need to fix your code.  There is not much we can do on a forum.  If you are using Identity, then take some time to learn Identity and use it properly.  For example, there is no need to store UserId in Session as you have access to the UserName on each and every request and you can use the UserName to get the ID if needed.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, September 9, 2017 1:19 PM

All replies

  • User475983607 posted

    This is the section that signs in the user if the username and password is found.

    If user IsNot Nothing Then
       IdentityHelper.SignIn(manager, user, RememberMe.Checked)
       IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)

    Just replace the existing redirect with the one that you want.

    If user IsNot Nothing Then
    	IdentityHelper.SignIn(manager, user, RememberMe.Checked)
    	Response.Redirect("~/DashBoard.aspx")

    Or perhaps

    If user IsNot Nothing Then
    	IdentityHelper.SignIn(manager, user, RememberMe.Checked)
    	IdentityHelper.RedirectToReturnUrl("~/DashBoard.aspx", Response)

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, September 8, 2017 4:42 PM
  • User810354248 posted

    Thanks for the reply. I tried it is not working.

    i had added code in all pages like this

     Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
            If Session("userid") = Nothing Then
                Response.Redirect("~/Account/Login.aspx?Url=" & Server.UrlEncode(Request.Url.AbsoluteUri))
            End If
        End Sub

    i had tried the both suggestions.

    All of the redirects to default.aspx page

    i  also want to use the user ID as the query string also. in the dashboard page.

    Saturday, September 9, 2017 12:38 AM
  • User475983607 posted

    Thanks for the reply. I tried it is not working.

    i had added code in all pages like this

     Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
            If Session("userid") = Nothing Then
                Response.Redirect("~/Account/Login.aspx?Url=" & Server.UrlEncode(Request.Url.AbsoluteUri))
            End If
        End Sub

    i had tried the both suggestions.

    All of the redirects to default.aspx page

    i  also want to use the user ID as the query string also. in the dashboard page.

    The original post indicates that you are using Identity.  This later code suggest that you've built a custom authorization framework or a competing framework using Session for storing the UserID.  Storing user credentials in Session is considered a bad programming practice.  Passing the UserId in a querystring is a serious security vulnerability.

    Anyway, Identity handles unauthenticated redirects automatically.  So you should use Identity as indented.

    Keep in mind that Response.Redirect, has been around a long time and it is well tested.  The problem is your design.  If you are building a custom authentication framework then you need to fix your code.  There is not much we can do on a forum.  If you are using Identity, then take some time to learn Identity and use it properly.  For example, there is no need to store UserId in Session as you have access to the UserName on each and every request and you can use the UserName to get the ID if needed.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, September 9, 2017 1:19 PM