Home
ASP.NET Forums » General ASP.NET » Security » How to keep RETURNURL when accessing a secure page, yet disable it when logging in explicitly ?

How to keep RETURNURL when accessing a secure page, yet disable it when logging in explicitly ?

Last post 04-30-2008 4:49 PM by anas. 1 replies.

Sort Posts:

  • How to keep RETURNURL when accessing a secure page, yet disable it when logging in explicitly ?

    04-30-2008, 11:05 AM
    • Member
      17 point Member
    • S2kDriver
    • Member since 11-14-2006, 8:26 PM
    • Long Island, New York, USA
    • Posts 110

    I have a loginstatus control on my masterpage so that a user would have the ability to login no matter what page of the website he is on.  When he clicks on that, it brings him to the login page with the login control.  I explicitly hardcoded a specific page for the destinationpageurl attribute of the login control, but it seems the returnurl overrides that setting.  It seems the returnurl is set for the page I was previously on.  Why is the returnurl being set if I wanted to just login explicitly?  How would the hardcoded destinationpageurl ever get a chance to work then?

    However, the returnurl is very useful to me in other situations.  For example, say an unauthenticated user is browsing the site and he clicks on a button (or link or whatever) that leads to a secure page (all of my secure pages are under a folder allowing only authenticated users to view them).  The site directs him automatically to the login page with the returnurl instructing the site to forward him to the intended destination after successful login.  This is desirable.  However, as stated earlier, when a user explicitly clicks on the loginstatus to log in, I want him to be directly led to a specfic page (like myaccount.aspx or something).

    How do I do this?

    Thanks in advance.

    -Paul

  • Re: How to keep RETURNURL when accessing a secure page, yet disable it when logging in explicitly ?

    04-30-2008, 4:49 PM
    Answer
    • All-Star
      57,958 point All-Star
    • anas
    • Member since 09-21-2006, 8:31 AM
    • Palestinian Territory, Occupied
    • Posts 6,646
    • Moderator

    Hello,

    I tried to change the login status control behaviour with no luck,

    I think the only solution is to write you own login status control, I did one for you ,

    you can accomplish that by adding a new user control and putting the following link buttons iniside it ,

     

     <asp:LinkButton ID="LnkLogin" runat="server" >Login</asp:LinkButton>
    <asp:LinkButton ID="lnkLogout"  runat="server">Logout</asp:LinkButton>
     

    then in user control code behind, you handle the click events of those linkbuttons as follows:

      

        Protected Sub LnkLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles LnkLogin.Click
            Response.Redirect(FormsAuthentication.LoginUrl)
        End Sub

        Protected Sub     lnkLogout_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles lnkLogout.Click
            FormsAuthentication.SignOut()
            Response.Redirect(FormsAuthentication.LoginUrl)
        End Sub


        Protected Sub     Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            LnkLogin.Visible = Not Page.User.Identity.IsAuthenticated
            lnkLogout.Visible = Page.User.Identity.IsAuthenticated

        End Sub

     

    now , you can replace the login status control with your user control ....

     

    Regards, 

    Regards,

    Anas Ghanem | Blog
Page 1 of 1 (2 items)
RSS Available

Contact | Advertise | Ads by BanManPro | Running IIS7
All Rights Reserved. | Terms of Use | Trademarks | Privacy Statement
© 2009 Microsoft Corporation.