How to redirect different users to different pages?

[antonyliu2002]

I am not sure how to google this concept.

Basically, what I wanna do is to direct different users to different
pages. I do not have a whole lot users.

For example, if user name 'tomcat' logins successfully with the correct
password, I want to direct this guy to 'tomcat_page.aspx'. And if the
user name 'jerrymouse' logins successfully with the right password, I
want to direct him to 'jerrymouse_page.aspx'.

In other words, I want to be able to do

If (txtUsername.Text = "tomcat") Then
Response.Redirect("tomcat_page.aspx")
Else If (txtUsername.Text = "jerrymouse") Then
Response.Redirect("jerrymouse_page.aspx")
End If

I think this would be a pretty easy task, but I am new to
authentication/authorization and have no clue.

 

[Adrian Parker]

Do you mean like this ?

Response.Redirect(txtUsername.Text + "_page.aspx")

 

[Jacob]

Actually what you want to do (since the user has succesfully logged in)
is:
Response.Redirect(User.Identity.Name & "_page.aspx")

You could also have a look at the RewritePath method if you want it
more fancy.

 

[antonyliu2002]

Thanks, but I am using form authentication like so:

<script runat="server">
Sub btnSubmit_Click(sender as object, e as eventargs)
If FormsAuthentication.Authenticate(txtUsername.text,
txtPassword.text) Then
FormsAuthentication.SetAuthCookie(txtUsername.text, true)
Response.Redirect("wheretogo.aspx")
Else
lblMsg.Text = "Invalid username or password"
End If
End Sub
</script>

In other words, the user names and passwords are all set up in
web.config. They are authenticated as a group as shown in the code
above. So I have no means in the .Net VB code to check the individual
user name and password.

Should I use windows authentication instead?

 

[antonyliu2002]

But the problem is that the users are authenticated as a group. See my
reply to Adrian Parker please.

 

[Jacob]

Even if you set up the user names in the web.config file you can still
assign individual user names and passwords. The credentials element
holds a collection of user/password. So when you authenticate you can
check against this list and issue the proper authentication cookie.

 

[antonyliu2002]

That sounds great.

I don't have access to the web server right now, so I cannot test it.

So, you meant that I can do things like below?

Sub btnSubmit_Click(sender as object, e as eventargs)
If FormsAuthentication.Authenticate(txtUsername.text,
txtPassword.text) Then
If (txtUsername.Text = "tomcat") Then

FormsAuthentication.SetAuthCookie(txtUsername.text, true)
Response.Redirect("tomcat_page.aspx")
Else If (txtUsername.Text = "jerrymouse") Then

FormsAuthentication.SetAuthCookie(txtUsername.text, true)
Response.Redirect("jerrymouse_page.aspx")
Else
lblMsg.Text = "Invalid username or password"
End If
End Sub

 

[Guest]

Are you going to hard-code these logic? Once you have new user, you need
change your code!

The better way is create a table in database or xml file, then lookup and
map to proper url. After that, you only need change in table.

HTH

Elton Wang

 

[antonyliu2002]

That's a great point. Fortunately, I am not going to have a lot of new
users. So this silly logic would probably suffice.

But I am interested in learning to authenticate and authorize users
stored in a database.

Say, if I have a table T_User in my database that looks like this:

U_Username U_Firstname U_Lastname U_Passwd
tomcat George Bush abc123
jerrymouse Saddam Hussein 123abc

How do I authenticate these users since they are in the database? I
know how they can be authenticated and authorized in web.config, which
I just learned today.

Thanks.

 

[Guest]

Hope following URL is helpful to you.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT03.asp