What Determines the Default Page (And How to Change)?

Discussion in 'ASP .Net' started by Jonathan Wood, Nov 11, 2007.

  1. My site requires all users to log on. Depending on the user's role, they
    will have access to a certain set of pages.

    I implemented this by redirecting the user to the appropriate home page in
    the handler for the LoggedIn event of the Login control.

    The problem is that users don't always go through the Login control. For
    example, if I check the Remember Me box and then disconnect and then
    reconnect, I go straight to default.aspx in the root folder withough having
    to log in again. And so my code doesn't have a chance to redirect the user
    based on role in this case.

    I'm thinking the answer would be to modify the default page depending on the
    current role, but I'm not sure how to do that. I'm also curious if anyone
    has any better ideas.

    Thanks.

    --
    Jonathan Wood
    SoftCircuits Programming
    http://www.softcircuits.com
     
    Jonathan Wood, Nov 11, 2007
    #1
    1. Advertising

  2. The default page is determined by the web server and not something to be
    changed in code. Also, it's good not to mess with the list because it can
    affect perormance. The longer the list for example, the longer it takes IIS
    to check what is the default page for a directory.

    Why don't you put a check into the default.aspx page itself? You can check
    if the user is currently authenticated and if so, determine where they
    should go. Essentially, your default page just becomes a redirecting agent.
    The tricky part though is you wouldn't be able to have a normal default.aspx
    page since you can't determine whether the person who is visiting it just
    returned to the site, or if they have been logged on for a while and are
    just navigating around. With the right structure though this can be a moot
    point, especially if the default.aspx page isn't something that they'll hit
    except when they return to the site.


    --

    Hope this helps,
    Mark Fitzpatrick
    Microsoft MVP - Expression

    "Jonathan Wood" <> wrote in message
    news:%23cWYpZ$...
    > My site requires all users to log on. Depending on the user's role, they
    > will have access to a certain set of pages.
    >
    > I implemented this by redirecting the user to the appropriate home page in
    > the handler for the LoggedIn event of the Login control.
    >
    > The problem is that users don't always go through the Login control. For
    > example, if I check the Remember Me box and then disconnect and then
    > reconnect, I go straight to default.aspx in the root folder withough
    > having to log in again. And so my code doesn't have a chance to redirect
    > the user based on role in this case.
    >
    > I'm thinking the answer would be to modify the default page depending on
    > the current role, but I'm not sure how to do that. I'm also curious if
    > anyone has any better ideas.
    >
    > Thanks.
    >
    > --
    > Jonathan Wood
    > SoftCircuits Programming
    > http://www.softcircuits.com
    >
     
    Mark Fitzpatrick, Nov 11, 2007
    #2
    1. Advertising

  3. Couple of ways you can handle this one.

    1. Create a basepage class and have all the pages derive from it. Override
    the onpreinit event in the basepage class and add your logic to redirect
    users based on thier current roles.

    2. You can override the onauthenticate event in global.asax file and if the
    user is already authenticated and the current requested url is default.aspx,
    then apply your logic to redirect appropriately.

    Thanks,
    Kumaran
    Software Architect
    www.superbuild.com


    "Jonathan Wood" <> wrote in message
    news:%23cWYpZ$...
    > My site requires all users to log on. Depending on the user's role, they
    > will have access to a certain set of pages.
    >
    > I implemented this by redirecting the user to the appropriate home page in
    > the handler for the LoggedIn event of the Login control.
    >
    > The problem is that users don't always go through the Login control. For
    > example, if I check the Remember Me box and then disconnect and then
    > reconnect, I go straight to default.aspx in the root folder withough
    > having to log in again. And so my code doesn't have a chance to redirect
    > the user based on role in this case.
    >
    > I'm thinking the answer would be to modify the default page depending on
    > the current role, but I'm not sure how to do that. I'm also curious if
    > anyone has any better ideas.
    >
    > Thanks.
    >
    > --
    > Jonathan Wood
    > SoftCircuits Programming
    > http://www.softcircuits.com
    >
     
    Kumaran Sundar, Nov 11, 2007
    #3
  4. Kumaran,

    (Sorry for the slow reply. I've been trying to work through some of these
    issues.)

    > 1. Create a basepage class and have all the pages derive from it. Override
    > the onpreinit event in the basepage class and add your logic to redirect
    > users based on thier current roles.


    Thanks but I don't believe that will work. Users who are not supposed to
    access the default page do not have access to the root folder. Therefore, it
    appears they just get taken to the login page even though they are already
    logged in and authentication code withing default.aspx would never get a
    chance to run. I thought about setting the access-denied page and having
    that forward them, but even that won't work because some users will not have
    access to the folder that page is in.

    > 2. You can override the onauthenticate event in global.asax file and if
    > the user is already authenticated and the current requested url is
    > default.aspx, then apply your logic to redirect appropriately.


    Well, I couldn't find any OnAuthenticate event. But there is something like
    that. I'll play with that a bit and see if I can make it work.

    Thanks.

    --
    Jonathan Wood
    SoftCircuits Programming
    http://www.softcircuits.com

    >
    >
    > "Jonathan Wood" <> wrote in message
    > news:%23cWYpZ$...
    >> My site requires all users to log on. Depending on the user's role, they
    >> will have access to a certain set of pages.
    >>
    >> I implemented this by redirecting the user to the appropriate home page
    >> in the handler for the LoggedIn event of the Login control.
    >>
    >> The problem is that users don't always go through the Login control. For
    >> example, if I check the Remember Me box and then disconnect and then
    >> reconnect, I go straight to default.aspx in the root folder withough
    >> having to log in again. And so my code doesn't have a chance to redirect
    >> the user based on role in this case.
    >>
    >> I'm thinking the answer would be to modify the default page depending on
    >> the current role, but I'm not sure how to do that. I'm also curious if
    >> anyone has any better ideas.
    >>
    >> Thanks.
    >>
    >> --
    >> Jonathan Wood
    >> SoftCircuits Programming
    >> http://www.softcircuits.com
    >>

    >
    >
     
    Jonathan Wood, Nov 14, 2007
    #4
  5. Mark,

    (Sorry for the slow reply. I've been trying to work through some of these
    issues.)

    > Why don't you put a check into the default.aspx page itself? You can check
    > if the user is currently authenticated and if so, determine where they
    > should go. Essentially, your default page just becomes a redirecting
    > agent. The tricky part though is you wouldn't be able to have a normal
    > default.aspx page since you can't determine whether the person who is
    > visiting it just returned to the site, or if they have been logged on for
    > a while and are just navigating around. With the right structure though
    > this can be a moot point, especially if the default.aspx page isn't
    > something that they'll hit except when they return to the site.


    Thanks but I don't believe that will work. Users who are not supposed to
    access the default page do not have access to the root folder. Therefore, it
    appears they just get taken to the login page even though they are already
    logged in and authentication code withing default.aspx would never get a
    chance to run. I thought about setting the access-denied page and having
    that forward them, but even that won't work because some users will not have
    access to the folder that page is in.

    --
    Jonathan Wood
    SoftCircuits Programming
    http://www.softcircuits.com


    "Mark Fitzpatrick" <> wrote in message
    news:Ovd$...
    > The default page is determined by the web server and not something to be
    > changed in code. Also, it's good not to mess with the list because it can
    > affect perormance. The longer the list for example, the longer it takes
    > IIS to check what is the default page for a directory.
    >
    >
    >
    > --
    >
    > Hope this helps,
    > Mark Fitzpatrick
    > Microsoft MVP - Expression
    >
    > "Jonathan Wood" <> wrote in message
    > news:%23cWYpZ$...
    >> My site requires all users to log on. Depending on the user's role, they
    >> will have access to a certain set of pages.
    >>
    >> I implemented this by redirecting the user to the appropriate home page
    >> in the handler for the LoggedIn event of the Login control.
    >>
    >> The problem is that users don't always go through the Login control. For
    >> example, if I check the Remember Me box and then disconnect and then
    >> reconnect, I go straight to default.aspx in the root folder withough
    >> having to log in again. And so my code doesn't have a chance to redirect
    >> the user based on role in this case.
    >>
    >> I'm thinking the answer would be to modify the default page depending on
    >> the current role, but I'm not sure how to do that. I'm also curious if
    >> anyone has any better ideas.
    >>
    >> Thanks.
    >>
    >> --
    >> Jonathan Wood
    >> SoftCircuits Programming
    >> http://www.softcircuits.com
    >>

    >
    >
     
    Jonathan Wood, Nov 14, 2007
    #5
  6. Hi Jonathan,

    As I mentioned in your other thread, I think the real problem is that you
    have restricted access to the default page in the root folder. IMO it would
    be best to redesign your site such that all users have access to the root
    folder and move any pages that need to be secured into sub-folders.

    Scott



    "Jonathan Wood" <> wrote in message
    news:...
    > Users who are not supposed to access the default page do not have access
    > to the root folder.
     
    Scott Roberts, Nov 15, 2007
    #6
  7. Yeah, I haven't come up with anything better. However, now I'm wondering if
    I can make access to Default.aspx global but keep other files in the root
    folder restricted. This way, all users can access Default.aspx but the
    primary users will still use the root folder.

    Now I just need to determine if ASP.NET will allow me to allow all users to
    access a single file in a folder but not any other files...

    Thanks.

    --
    Jonathan Wood
    SoftCircuits Programming
    http://www.softcircuits.com

    "Scott Roberts" <> wrote in message
    news:...
    > Hi Jonathan,
    >
    > As I mentioned in your other thread, I think the real problem is that you
    > have restricted access to the default page in the root folder. IMO it
    > would be best to redesign your site such that all users have access to the
    > root folder and move any pages that need to be secured into sub-folders.
    >
    > Scott
    >
    >
    >
    > "Jonathan Wood" <> wrote in message
    > news:...
    >> Users who are not supposed to access the default page do not have access
    >> to the root folder.

    >
     
    Jonathan Wood, Nov 15, 2007
    #7
  8. And I found I am able to allow global access to Default.aspx but not other
    files in the root folder. I'm pretty sure I'll go with some variation on
    that!

    Thanks agian.

    --
    Jonathan Wood
    SoftCircuits Programming
    http://www.softcircuits.com

    "Scott Roberts" <> wrote in message
    news:...
    > Hi Jonathan,
    >
    > As I mentioned in your other thread, I think the real problem is that you
    > have restricted access to the default page in the root folder. IMO it
    > would be best to redesign your site such that all users have access to the
    > root folder and move any pages that need to be secured into sub-folders.
    >
    > Scott
    >
    >
    >
    > "Jonathan Wood" <> wrote in message
    > news:...
    >> Users who are not supposed to access the default page do not have access
    >> to the root folder.

    >
     
    Jonathan Wood, Nov 15, 2007
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Soefara
    Replies:
    0
    Views:
    862
    Soefara
    Feb 10, 2004
  2. Thomas Matthews
    Replies:
    6
    Views:
    1,081
    Peter van Merkerk
    Aug 23, 2003
  3. Stuart Smith
    Replies:
    1
    Views:
    121
    David Heinemeier Hansson
    Apr 14, 2005
  4. OrganicFreeStyle

    Style: Case determines what's a constants?

    OrganicFreeStyle, Jun 11, 2006, in forum: Ruby
    Replies:
    5
    Views:
    94
    OrganicFreeStyle
    Jun 12, 2006
  5. George Hester

    The user determines the Site

    George Hester, Jan 11, 2004, in forum: Javascript
    Replies:
    2
    Views:
    78
    George Hester
    Jan 11, 2004
Loading...

Share This Page