Thursday, November 18, 2010
Detecting Attempts to Access a Protected Page

Q. I built an application using web site factory. The application has a
dedicated login page. If I login as "admin" and navigate to the
membership page, then log out and log back in as "user" (which does
not have rights to the membership page), I get stuck. I think because
"user" does not have rights to visit the last page I visited before I
logged out, I can not get past the login page without logging back in
as admin, navigating off of membership page, then logging back out.

A.

This is the standard ASP.NET behavior. You are signed in as a "user" but the redirect URL still tries to access the membership page, which "user" is not accessible to "user" account.

There are two options to fix that:

1) Offer a static link to the home page of your application in ~/App_Code/Controls/Login.acxs. User can click on the link to access the home page and break the login auto-redirects.

2) Add the following line of code into ~/App_Code/Controls/Login.ascx.cs:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Controls_Welcome : System.Web.UI.UserControl
{
    
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Page.User.Identity.IsAuthenticated && 
                !String.IsNullOrEmpty(Request.Params["ReturnUrl"]))
            Response.Redirect("~/Pages/Home.aspx");
    }
}

The code will detect the RedirectUrl parameter in the page URL and redirect the user to home automatically.