How to modify the default page flow in ASP.NET

[Robert Rotstein]

I have a homework assignment to create a simple web site and, in certain
circumstances, to alter the default sequence of pages displayed -- for
instance, if the user attempts to visit a page before being
authenticated, he is to be directed to a special page, instead of the
default login page. My approach has been to intercept page requests in
Global.Application_BeginRequest(), see which page is being requested,
and do either a Server.Transfer() or Response.Redirect(), or nothing at
all. While this has been mostly successful, it has unfortunately led to
a vast proliferation of flags, checks, copying of the Session object
into Global, having utility methods in other classes set fields in
Global -- a big, unwieldy mess, which means that it is surely wrong.
Can someone give me a hint on what is the basic approach, the mechanism
to use, to have this application gain complete control over the page
sequencing?

 

[clintonG]

Your on the wrong track Robert.
ASP.NET 2.0 supports Membership, Roles and Profiles. Even the SQL database
is built using aspnet_regsql. Once the web.config is written correctly we
just drag and drop controls and any allow or deny access rights are handled
by the logic encapsulated in the login control on the basis of the
declarations located in web.config.

All of this is declarative now Robert with nearly no code required (at least
initially). Membership, Roles and Profiles is what you want to learn to get
an A on this assignment.

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

 

[Robert Rotstein]

Thanks -- but I'm using version 1.1. There must be a simple to do this.
How do I determine which user submits a particular page request even
BEFORE they've been authenticated? That's part of the assignment -- go
to a special error page in case a user tries to go to some page on the
web site before they login and get authenticated.

Robert

 

[Greg Burns]

I have a homework assignment to create a simple web site and, in certain
circumstances, to alter the default sequence of pages displayed -- for
instance, if the user attempts to visit a page before being authenticated,
he is to be directed to a special page, instead of the default login page.
My approach has been to intercept page requests in
Global.Application_BeginRequest(), see which page is being requested, and
do either a Server.Transfer() or Response.Redirect(), or nothing at all.
While this has been mostly successful, it has unfortunately led to a vast
proliferation of flags, checks, copying of the Session object into Global,
having utility methods in other classes set fields in Global -- a big,
unwieldy mess, which means that it is surely wrong. Can someone give me a
hint on what is the basic approach, the mechanism to use, to have this
application gain complete control over the page sequencing?

Here is some code I use to display the reason why a user ended up at
login.aspx. Haven't tried it but it should be pretty simple to redirect to
different page using this same logic.

Protected Sub Page_Load(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Me.Load

If Not Page.IsPostBack Then

Dim returnUrl As String = Request.QueryString("ReturnUrl")
If Not (returnUrl = Nothing) Then

' Is the user currently authenticated??
If User.Identity.IsAuthenticated Then
' If YES, then they must be here because they attempted
to access a page
' that they do not have authorization to access

' throw them back to default, not where they were trying
to go
' do this in case cannot login with correct role...

lblReason.Text = "You have arrived at the login page for
the following reason:<br><br>"
lblReason.Text &= "You are not in the correct role to
view the page that your were attempting to view.<br><br>"
Else
' If NO, then they must be here because they attempted
to access a page
' and they have not yet been authenticated
lblReason.Text = "You have arrived at the login page for
the following reason:<br><br>"
lblReason.Text &= "You are not currently
authenticated.<br><br>"
End If
Else
' returnURL is blank, user must have purposefully went to
login page

' if currently sign in, sign em out...
If User.Identity.IsAuthenticated Then
' Redirect to requested URL, or homepage if no previous
page requested
FormsAuthentication.SignOut()

End If


End If
End If

End Sub

Greg