Detecting Attempts to Access a Protected Page

Labels
AJAX(112) App Studio(7) Apple(1) Application Builder(245) Application Factory(207) ASP.NET(95) ASP.NET 3.5(45) ASP.NET Code Generator(72) ASP.NET Membership(28) Azure(18) Barcode(2) Barcodes(3) BLOB(18) Business Rules(1) Business Rules/Logic(140) BYOD(13) Caching(2) Calendar(5) Charts(29) Cloud(14) Cloud On Time(2) Cloud On Time for Windows 7(2) Code Generator(54) Collaboration(11) command line(1) Conflict Detection(1) Content Management System(12) COT Tools for Excel(26) CRUD(1) Custom Actions(1) Data Aquarium Framework(122) Data Sheet(9) Data Sources(22) Database Lookups(50) Deployment(22) Designer(177) Device(1) DotNetNuke(12) EASE(20) Email(6) Features(101) Firebird(1) Form Builder(14) Globalization and Localization(6) How To(1) Hypermedia(2) Inline Editing(1) Installation(5) JavaScript(20) Kiosk(1) Low Code(3) Mac(1) Many-To-Many(4) Maps(6) Master/Detail(36) Microservices(4) Mobile(63) Mode Builder(3) Model Builder(3) MySQL(10) Native Apps(5) News(18) OAuth(9) OAuth Scopes(1) OAuth2(13) Offline(20) Offline Apps(4) Offline Sync(5) Oracle(11) PKCE(2) Postgre SQL(1) PostgreSQL(2) PWA(2) QR codes(2) Rapid Application Development(5) Reading Pane(2) Release Notes(183) Reports(48) REST(29) RESTful(29) RESTful Workshop(15) RFID tags(1) SaaS(7) Security(81) SharePoint(12) SPA(6) SQL Anywhere(3) SQL Server(26) SSO(1) Stored Procedure(4) Teamwork(15) Tips and Tricks(87) Tools for Excel(2) Touch UI(93) Transactions(5) Tutorials(183) Universal Windows Platform(3) User Interface(338) Video Tutorial(37) Web 2.0(100) Web App Generator(101) Web Application Generator(607) Web Form Builder(40) Web.Config(9) Workflow(28)
Archive
Blog
Thursday, November 18, 2010PrintSubscribe
Detecting Attempts to Access a Protected Page

Q. I built an application using web site factory. The application has a
dedicated login page. If I login as "admin" and navigate to the
membership page, then log out and log back in as "user" (which does
not have rights to the membership page), I get stuck. I think because
"user" does not have rights to visit the last page I visited before I
logged out, I can not get past the login page without logging back in
as admin, navigating off of membership page, then logging back out.

A.

This is the standard ASP.NET behavior. You are signed in as a "user" but the redirect URL still tries to access the membership page, which "user" is not accessible to "user" account.

There are two options to fix that:

1) Offer a static link to the home page of your application in ~/App_Code/Controls/Login.acxs. User can click on the link to access the home page and break the login auto-redirects.

2) Add the following line of code into ~/App_Code/Controls/Login.ascx.cs:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Controls_Welcome : System.Web.UI.UserControl
{
    
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Page.User.Identity.IsAuthenticated && 
                !String.IsNullOrEmpty(Request.Params["ReturnUrl"]))
            Response.Redirect("~/Pages/Home.aspx");
    }
}

The code will detect the RedirectUrl parameter in the page URL and redirect the user to home automatically.