Security

Re: Sucessful login to go to the page you originally wanted to go to?

tlsterling — Tue, 02 Sep 2008 21:10:26 GMT

I know this post is a little out-dated, but for those of you who stumble onto this issue - I found that I was missing a piece of the picture. Josh's comment above stating "By default, the login control will redirect the user to the requested page if authentication is successful." is accurate - so long as you're not trying to manually complete the authentication redirection process.

First, make sure you've eliminated anonymous access to the page the user is attempting to navigate to at the web.config level:

Now, if you've got any type of Membership-checking redirection functionality written into the Page_Load of your user's destination - something similar to the following, take it out:

        if (Membership.GetUser() == null)
            Server.Transfer("Login.aspx");
        userID = (Guid)Membership.GetUser().ProviderUserKey;
        if (userID == null)
            Server.Transfer("Login.aspx");

Confirm you've removed any Login control instructions for where to re-direct the user after authentication and now you should see your application behave appropriately by redirecting the user back to their originally intended destination following authentication.

My problem was that I was not taking full advantage of the Membership features and allowing the application to lock the user out automatically. In doing so, and manually re-directing the user to the Login.aspx page, the application had no idea where my user had originally intended to go.

I hope my ignorance and frustration helps someone else out along the way.

Re: Sucessful login to go to the page you originally wanted to go to?

Mnemonic — Mon, 12 Nov 2007 02:28:30 GMT

Just for the record if anyone else has things set up like me... I figured out a way to fix this.

In the page that redirects to the login page, put in the page_load:

If not user.identity.isauthenticated = true then

response.redirect("Login.aspx?ReturnPage=MyPage.aspx?ifyouhaveaquery=" & Whatever.text)

Then in the login page (since we know they ARENT logged in) in the page_load

If user.identity.isauthenticated = true then

response.redirect(Request.querystring("ReturnPage"))

Pretty easy when ya think about it :)

Re: Sucessful login to go to the page you originally wanted to go to?

Mnemonic — Sun, 23 Sep 2007 00:29:57 GMT

XiaoYong Dai – MSFT:

Hi

Could you please paste the code snippet so that we can find some clue?

<asp:Login ID="Login1" runat="server" BackColor="#C2D0E0" BorderColor="#6780B8" BorderStyle="Solid" BorderWidth="1px" LoginButtonImageUrl="~/images/login.gif" LoginButtonType="Image">

</asp:Login>

Nothing special about this... searched the document, and default.aspx is nowhere in there...

Re: Sucessful login to go to the page you originally wanted to go to?

XiaoYong Dai – MSFT — Wed, 19 Sep 2007 10:36:48 GMT

Could you please paste the code snippet so that we can find some clue?

Re: Sucessful login to go to the page you originally wanted to go to?

Mnemonic — Tue, 18 Sep 2007 14:14:22 GMT

I removed that, and now it takes me to Default.aspx, instead of the intended page.

Re: Sucessful login to go to the page you originally wanted to go to?

joshj — Mon, 17 Sep 2007 20:18:55 GMT

By default, the login control will redirect the user to the requested page if authentication is successful. Your specification of what page to send them to overwrites that built-in function. One solution would be to remove the specification that you declared.

Sucessful login to go to the page you originally wanted to go to?

Mnemonic — Mon, 17 Sep 2007 19:45:04 GMT

Hey all, in my login control, i can specify the page i want the user to go to if the login was sucessful, but what if the user clicked on a login-required page, then sucessfully logged in, but it throws them back to the page that i set... how would i make it send them to the page they wanted to go to originally?