RE: 401 with Forms Authentication and Roles
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
- Date: Tue, 14 Aug 2007 02:25:11 GMT
Thanks for your further reply Chuck,
So your current implementation is using the "Application_EndRequest" event
and check both "IsAuthenticated" property and REsponse's StatusCode to
determine the user authorization status.
Actually, my suggestion in previous reply is to put the code logic directly
in the login page's Page_load event(since any unauthorized users are always
expected to be redirected to login page first). You can check the
"User.IsAuthenticated" and Request.QueryString["ReturnUrl"] there to
determine whether the current user is authenticated user and whether he is
redirected to login page because of access denied(rather than manually
navigate to login page).
here is a test code snippet that also works in my test application:
protected void Page_Load(object sender, EventArgs e)
{
if (Context.User.Identity.IsAuthenticated == true &&
Request.QueryString["ReturnUrl"] != null)
{
Server.Transfer("~/AccessDeniedPage.aspx");
}
...................
<<<<<<<<<<<<<<<<<<<<<<
One good point of using Login page is that it won't perform the check for
each ASP.NET request(like what Application_XX event or httpmodule does).
Hope this also helps.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- References:
- RE: 401 with Forms Authentication and Roles
- From: Steven Cheng[MSFT]
- RE: 401 with Forms Authentication and Roles
- From: Steven Cheng[MSFT]
- RE: 401 with Forms Authentication and Roles
- Prev by Date: Re: Kerberos to NTLM delegation timeout
- Next by Date: Problem deploying forms authorization
- Previous by thread: RE: 401 with Forms Authentication and Roles
- Next by thread: RE: 401 with Forms Authentication and Roles
- Index(es):
Relevant Pages
|
|
