Redirect to a particular page is login is successful

Question

User810354248 posted

In my asp.net and VB web i am using this code for login form

 Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        RegisterHyperLink.NavigateUrl = "Register"
        OpenAuthLogin.ReturnUrl = Request.QueryString("ReturnUrl")
        Dim returnUrl = HttpUtility.UrlEncode(Request.QueryString("ReturnUrl"))
        If Not [String].IsNullOrEmpty(returnUrl) Then
            RegisterHyperLink.NavigateUrl += "?ReturnUrl=" & returnUrl
        End If
    End Sub

    Protected Sub LogIn(sender As Object, e As EventArgs)
        If IsValid Then
            ' Validate the user password
            Dim manager = New UserManager()
            Dim user As ApplicationUser = manager.Find(UserName.Text, Password.Text)

            If user IsNot Nothing Then
                IdentityHelper.SignIn(manager, user, RememberMe.Checked)
                IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)

            Else
                FailureText.Text = "Invalid username or password."
                ErrorMessage.Visible = True
            End If            
        End If
    End Sub

if the login is successful then i want to redirect to this page

Response.Redirect("~/DashBoard.aspx")

Answer 1

User475983607 posted

This is the section that signs in the user if the username and password is found.

If user IsNot Nothing Then
   IdentityHelper.SignIn(manager, user, RememberMe.Checked)
   IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)

Just replace the existing redirect with the one that you want.

If user IsNot Nothing Then
	IdentityHelper.SignIn(manager, user, RememberMe.Checked)
	Response.Redirect("~/DashBoard.aspx")

Or perhaps

If user IsNot Nothing Then
	IdentityHelper.SignIn(manager, user, RememberMe.Checked)
	IdentityHelper.RedirectToReturnUrl("~/DashBoard.aspx", Response)

Answer 2

User810354248 posted

Thanks for the reply. I tried it is not working.

i had added code in all pages like this

 Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        If Session("userid") = Nothing Then
            Response.Redirect("~/Account/Login.aspx?Url=" & Server.UrlEncode(Request.Url.AbsoluteUri))
        End If
    End Sub

i had tried the both suggestions.

All of the redirects to default.aspx page

i  also want to use the user ID as the query string also. in the dashboard page.

Answer 3

User475983607 posted

Thanks for the reply. I tried it is not working.

i had added code in all pages like this

 Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        If Session("userid") = Nothing Then
            Response.Redirect("~/Account/Login.aspx?Url=" & Server.UrlEncode(Request.Url.AbsoluteUri))
        End If
    End Sub

i had tried the both suggestions.

All of the redirects to default.aspx page

i  also want to use the user ID as the query string also. in the dashboard page.

The original post indicates that you are using Identity.  This later code suggest that you've built a custom authorization framework or a competing framework using Session for storing the UserID.  Storing user credentials in Session is considered a bad programming practice.  Passing the UserId in a querystring is a serious security vulnerability.

Anyway, Identity handles unauthenticated redirects automatically.  So you should use Identity as indented.

Keep in mind that Response.Redirect, has been around a long time and it is well tested.  The problem is your design.  If you are building a custom authentication framework then you need to fix your code.  There is not much we can do on a forum.  If you are using Identity, then take some time to learn Identity and use it properly.  For example, there is no need to store UserId in Session as you have access to the UserName on each and every request and you can use the UserName to get the ID if needed.