RE: FormsAuthentication - how to specify redirect page for disallo
From: ranganh (ranganh_at_discussions.microsoft.com)
Date: 07/29/04
- Next message: Shaun: "RE: FormsAuthentication - how to specify redirect page for disallo"
- Previous message: Fernandez: "Where to store UserID/Password"
- In reply to: Shaun: "RE: FormsAuthentication - how to specify redirect page for disallo"
- Next in thread: Shaun: "RE: FormsAuthentication - how to specify redirect page for disallo"
- Reply: Shaun: "RE: FormsAuthentication - how to specify redirect page for disallo"
Date: Thu, 29 Jul 2004 03:34:33 -0700
Dear Shaun,
Check the ReturnUrl parameter. You can check if Request.QueryString("ReturnUrl") is not null and then check if User.Identity.IsAuthenticated and then redirect him to your Custom Page.
If the user goes back to login page on his own, the ReturnUrl parameter won't come and hence he won't be redirected.
Well, this is just a solution for your problem since MS hasn't provided any custom authorization redirection technique as of now.
But, the above logic should work good. Let's hope for some better enhancements in 2.0.
Thanks.
"Shaun" wrote:
> What about when a user goes back to the login page somehow - this would not be right, ie he should be pushed to the homepage rather than a 'this page is not included in your subscription' page.
>
> S
>
>
> --------------------------
> Shaun Venus
>
> emailid: sunevnuahs
> domain: hotmail.com
> --------------------------
>
>
> "ranganh" wrote:
>
> > Ok Shaun,
> >
> > Do it this way. Even though you have lots of pages, you will have only a single login page right?
> >
> > In the Login page's page_load event, you can check if the User is Authenticated. Well if he is authenticated that means he has tried to access some authorized page, so you can redirect him to Your custom page which says you are not authorized to view this page.
> >
> > Sounds good?
> >
> >
> >
> > "Shaun" wrote:
> >
> > > I think I was perhaps a little light on the explanation as to what I am trying to do.
> > >
> > > The site I am working with has over 50,000 pages of content that are syndicated from a CMS. The CMS can create pages of many types such as htm, asp, aspx etc. This site is an asp.net site and so the pages are created as .aspx files, but have no .net code in them or any code behind – they just sit on the site and as aspx pages fall under the forms authentication security used on the site.
> > >
> > > The site's content is broken down into areas which users can subscribe to. It is this that raises the requirement for different folders being marked as part of different subscriptions – hence using the role functionality of web.config and forms authentication to achieve it (but with the problem explained earlier).
> > >
> > > I have written code for an HttpModule that finds the relevant web.config and reads the authorization section to get the list of allowed roles – this all works fine. This is done in the Module by handling AuthorizeRequest. If I find the user is denied access to the content then the request is redirected using the HttpApplication.Context.Current.RewritePath method.
> > >
> > > Sorted. But why could this not be an option in the web.config to save all this work?
> > >
> > >
> > >
> > >
> > > --------------------------
> > > Shaun Venus
> > >
> > > emailid: sunevnuahs
> > > domain: hotmail.com
> > > --------------------------
> > >
> > >
> > > "ranganh" wrote:
> > >
> > > > Dear Shaun,
> > > >
> > > > What you can do is, on the page_load event of the pages which have only 'admin' privileges (or whatever high privilege you give only for authorized users), you can check if the User Is In Role and redirect them to your custom page.
> > > >
> > > > // Send anyone who is not in the "admin" role to the custom page
> > > > if (!User.IsInRole("admin"))
> > > > {
> > > >     Response.Redirect("Notauthorized.aspx");
> > > > }
> > > >
> > > > that would help you in achieving your requirement.
> > > >
> > > > Hope it helps.
> > > >
> > > > "Shaun" wrote:
> > > >
> > > > > I want to use asp.net forms authentication to control access to various parts of a site. Users subscribe to different content areas and are then assigned into the appropriate roles which are specified in the web.config for the content area (each content area is in separate folder with its own web.config).
> > > > >
> > > > > Login, storing and reading back the roles for the user is no problem (many resources on the web for that).
> > > > >
> > > > > What I am having trouble with is working out how (or even if - though I would have thought it possible somehow) it is possible to have a custom page shown telling the user they are not authorized to access the content requested - the default behaviour seems to be redirecting back to the login/home page.
> > > > >
> > > > > To achieve this I was thinking that perhaps an HttpModule handling the AuthorizeRequest event could be used, however what I need to be able to do is read the list of allowed roles for the request. I guess it would be possible to read back up through the path to the content and find the first web.config file then read the xml. Surely there must be an easier way to achieve this with all the File/Folder access this method would require.
> > > > >
> > > > > The end result should be that when a user tries to access content that their roles do not allow a custom page telling them this is the case is shown.
> > > > >
> > > > > Can anyone out there help as I've trawled the web for a long time now and not got an answer (and very mixed views from others).
> > > > >
> > > > > Thanks,
> > > > >
> > > > > --------------------------
> > > > > Shaun Venus
> > > > >
> > > > > emailid: sunevnuahs
> > > > > domain: hotmail.com
> > > > > --------------------------