RE: request page I can't have -> goes to login

---

• From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
• Date: Tue, 06 Jun 2006 09:43:30 GMT

---

Thanks for the response Dave,

As for the below point you mentioned:
==========
The problem with that approach is it takes you to that page if they are not
logged in also - and in that case I do want them on the login page.
==========

I still think it is because the user is unauthorized (rather than
unauthenticated or not login), because it is because the page is prevent
from anonymous user(and the user hasn't login , so hasn't any roles or user
identity) that cause the user be redirected to the login page. So the login
page always accept unauthorized redirected requests(except we explicitly
visit it). My suggestion on this is you can dynamically determine whether
this is an unauthorized redirection request by looking for the "ReturnUrl"
querystring in the request. This is because when unauthorized user is
redirect to the login page, the formsauthentication will always append a
"ReturnUrl" querystring, so that it can redirect the user back to the
target resource(after logedIn). e.g.

http://localhost/IISTestSite/login.aspx?ReturnUrl=%2fIISTestSite%2fWSEAdmins
%2fDefault.aspx

You can display different UI according to this querystring in your login
page or even redirect it to your custom error page...

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.



Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

.

---

• References:
  • RE: request page I can't have -> goes to login
    • From: Steven Cheng[MSFT]
  • RE: request page I can't have -> goes to login
    • From: David Thielen

• Prev by Date: RE: Number of users
• Next by Date: Re: ASP.NET "Custom" Security
• Previous by thread: RE: request page I can't have -> goes to login
• Next by thread: RE: QuickStartMembershipSqlProvider vs AspNetSqlMembershipProvider
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Logged in - Session timeout ... You have that info in a session, and then simply send them to: ... take any querystring info with it that you may need.... ... Now the users times out and you redirect them to your login page, ... (microsoft.public.inetserver.asp.general) Re: Logged in - Session timeout ... "Targa" wrote ... ... take any querystring info with it that you may need.... ... Now the users times out and you redirect them to your login page, ... (microsoft.public.inetserver.asp.general) Re: Default.aspx - newbie Q` ... check and redirect to the ReturnURL or Selected.aspx depending on the case. ... > and replace it with something that takes then straight to the login page. ... >> Curt Christianson ... >>> authentication ... (microsoft.public.dotnet.framework.aspnet) Re: Default.aspx - newbie Q` ... check and redirect to the ReturnURL or Selected.aspx depending on the case. ... > and replace it with something that takes then straight to the login page. ... >> Curt Christianson ... >>> authentication ... (microsoft.public.dotnet.framework.aspnet) Re: doesnt redirect ... Look under the Security tab. ... One of them is called the Internet zone and probably the one you are using. ... or better explain what you mean by>> redirect ... I think there are 2 interstitchal pages after submitting those login credentials before you get to the mailbox web page. ... (microsoft.public.windows.inetexplorer.ie6.browser)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2006-06