Solution to Forms Authentication redirecting to bogus default.aspx page with RedirectFromLoginPage

Discussion in 'ASP .Net Security' started by Tim_Mac, May 11, 2005.

  1. Tim_Mac

    Tim_Mac Guest

    hi,
    i've read a lot of posts here about people who ran into problems using
    forms authentication, and the RedirectFromLoginPage() method, which
    always redirects to a default.aspx. this is a big problem if you use
    sub-folders that don't have a default.aspx page, as in my case.
    i read some posts that suggested manually Response.Redirecting the user
    to the url in the querystring, but actually this is incorrect because
    Forms Auth puts the default.aspx in that querystring even if the user
    wasn't at a page called default.aspx.

    i put together a simple solution to get the redirecting to work
    properly, and would like to post it here for future reference:

    1. the Login page (Login.aspx) must be set up to read the
    HTTP_Referrer, and add it to the ViewState in the first Page_Load on
    that page.

    2. in the btnLogin_Click event on Login.aspx, the SetAuthCookie() event
    should be called, and the user should be Response.Redirected to the
    referrer value in the viewstate.

    Here is sample code:

    *****************
    Login.aspx
    *****************

    private void Page_Load(object sender, System.EventArgs e)
    {
    if(!IsPostBack)
    ViewState["originalUrl"] = Request.UrlReferrer.AbsoluteUri;
    }

    private void btnLogin_Click(object sender, System.EventArgs e)
    {
    string originalUrl = ViewState["originalUrl"];
    if(originalUrl == null || originalUrl == "") // in case the viewstate
    is corrupt, use default.aspx by 'default'
    originalUrl = "default.aspx";

    // do your password checking here
    // if it's all ok then...
    FormsAuthentication.SetAuthCookie(username, false);
    Response.Redirect(originalUrl, true);
    }
     
    Tim_Mac, May 11, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. .NET Follower
    Replies:
    2
    Views:
    673
    .NET Follower
    Feb 4, 2004
  2. Replies:
    4
    Views:
    5,548
    Patrick Olurotimi Ige
    Mar 1, 2005
  3. Jeremy Chapman
    Replies:
    1
    Views:
    2,984
    ajamrozek
    Sep 21, 2005
  4. sean

    RedirectFromLoginPage not redirecting

    sean, May 10, 2004, in forum: ASP .Net Security
    Replies:
    6
    Views:
    185
    carol
    May 21, 2004
  5. Replies:
    0
    Views:
    169
Loading...

Share This Page