Re: How to keep RETURNURL when accessing a secure page, yet disable it when logging in explicitly ?

anas — Wed, 30 Apr 2008 20:49:52 GMT

Hello,

I tried to change the login status control behaviour with no luck,

I think the only solution is to write you own login status control, I did one for you ,

you can accomplish that by adding a new user control and putting the following link buttons iniside it ,

 <asp:LinkButton ID="LnkLogin" runat="server" >Login</asp:LinkButton>
<asp:LinkButton ID="lnkLogout"  runat="server">Logout</asp:LinkButton>

then in user control code behind, you handle the click events of those linkbuttons as follows:

    Protected Sub LnkLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles LnkLogin.Click
        Response.Redirect(FormsAuthentication.LoginUrl)
    End Sub

    Protected Sub lnkLogout_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles lnkLogout.Click
        FormsAuthentication.SignOut()
        Response.Redirect(FormsAuthentication.LoginUrl)
    End Sub


    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        LnkLogin.Visible = Not Page.User.Identity.IsAuthenticated
        lnkLogout.Visible = Page.User.Identity.IsAuthenticated

    End Sub

now , you can replace the login status control with your user control ....

Regards,

How to keep RETURNURL when accessing a secure page, yet disable it when logging in explicitly ?

S2kDriver — Wed, 30 Apr 2008 15:05:14 GMT

I have a loginstatus control on my masterpage so that a user would have the ability to login no matter what page of the website he is on. When he clicks on that, it brings him to the login page with the login control. I explicitly hardcoded a specific page for the destinationpageurl attribute of the login control, but it seems the returnurl overrides that setting. It seems the returnurl is set for the page I was previously on. Why is the returnurl being set if I wanted to just login explicitly? How would the hardcoded destinationpageurl ever get a chance to work then?

However, the returnurl is very useful to me in other situations. For example, say an unauthenticated user is browsing the site and he clicks on a button (or link or whatever) that leads to a secure page (all of my secure pages are under a folder allowing only authenticated users to view them). The site directs him automatically to the login page with the returnurl instructing the site to forward him to the intended destination after successful login. This is desirable. However, as stated earlier, when a user explicitly clicks on the loginstatus to log in, I want him to be directly led to a specfic page (like myaccount.aspx or something).

How do I do this?

Thanks in advance.

Security

Re: How to keep RETURNURL when accessing a secure page, yet disable it when logging in explicitly ?

How to keep RETURNURL when accessing a secure page, yet disable it when logging in explicitly ?