What Determines the Default Page (And How to Change)?

J

Jonathan Wood

My site requires all users to log on. Depending on the user's role, they
will have access to a certain set of pages.

I implemented this by redirecting the user to the appropriate home page in
the handler for the LoggedIn event of the Login control.

The problem is that users don't always go through the Login control. For
example, if I check the Remember Me box and then disconnect and then
reconnect, I go straight to default.aspx in the root folder withough having
to log in again. And so my code doesn't have a chance to redirect the user
based on role in this case.

I'm thinking the answer would be to modify the default page depending on the
current role, but I'm not sure how to do that. I'm also curious if anyone
has any better ideas.

Thanks.
 
M

Mark Fitzpatrick

The default page is determined by the web server and not something to be
changed in code. Also, it's good not to mess with the list because it can
affect perormance. The longer the list for example, the longer it takes IIS
to check what is the default page for a directory.

Why don't you put a check into the default.aspx page itself? You can check
if the user is currently authenticated and if so, determine where they
should go. Essentially, your default page just becomes a redirecting agent.
The tricky part though is you wouldn't be able to have a normal default.aspx
page since you can't determine whether the person who is visiting it just
returned to the site, or if they have been logged on for a while and are
just navigating around. With the right structure though this can be a moot
point, especially if the default.aspx page isn't something that they'll hit
except when they return to the site.
 
K

Kumaran Sundar

Couple of ways you can handle this one.

1. Create a basepage class and have all the pages derive from it. Override
the onpreinit event in the basepage class and add your logic to redirect
users based on thier current roles.

2. You can override the onauthenticate event in global.asax file and if the
user is already authenticated and the current requested url is default.aspx,
then apply your logic to redirect appropriately.

Thanks,
Kumaran
Software Architect
www.superbuild.com
 
J

Jonathan Wood

Kumaran,

(Sorry for the slow reply. I've been trying to work through some of these
issues.)
1. Create a basepage class and have all the pages derive from it. Override
the onpreinit event in the basepage class and add your logic to redirect
users based on thier current roles.

Thanks but I don't believe that will work. Users who are not supposed to
access the default page do not have access to the root folder. Therefore, it
appears they just get taken to the login page even though they are already
logged in and authentication code withing default.aspx would never get a
chance to run. I thought about setting the access-denied page and having
that forward them, but even that won't work because some users will not have
access to the folder that page is in.
2. You can override the onauthenticate event in global.asax file and if
the user is already authenticated and the current requested url is
default.aspx, then apply your logic to redirect appropriately.

Well, I couldn't find any OnAuthenticate event. But there is something like
that. I'll play with that a bit and see if I can make it work.

Thanks.
 
J

Jonathan Wood

Mark,

(Sorry for the slow reply. I've been trying to work through some of these
issues.)
Why don't you put a check into the default.aspx page itself? You can check
if the user is currently authenticated and if so, determine where they
should go. Essentially, your default page just becomes a redirecting
agent. The tricky part though is you wouldn't be able to have a normal
default.aspx page since you can't determine whether the person who is
visiting it just returned to the site, or if they have been logged on for
a while and are just navigating around. With the right structure though
this can be a moot point, especially if the default.aspx page isn't
something that they'll hit except when they return to the site.

Thanks but I don't believe that will work. Users who are not supposed to
access the default page do not have access to the root folder. Therefore, it
appears they just get taken to the login page even though they are already
logged in and authentication code withing default.aspx would never get a
chance to run. I thought about setting the access-denied page and having
that forward them, but even that won't work because some users will not have
access to the folder that page is in.
 
S

Scott Roberts

Hi Jonathan,

As I mentioned in your other thread, I think the real problem is that you
have restricted access to the default page in the root folder. IMO it would
be best to redesign your site such that all users have access to the root
folder and move any pages that need to be secured into sub-folders.

Scott
 
J

Jonathan Wood

Yeah, I haven't come up with anything better. However, now I'm wondering if
I can make access to Default.aspx global but keep other files in the root
folder restricted. This way, all users can access Default.aspx but the
primary users will still use the root folder.

Now I just need to determine if ASP.NET will allow me to allow all users to
access a single file in a folder but not any other files...

Thanks.
 
J

Jonathan Wood

And I found I am able to allow global access to Default.aspx but not other
files in the root folder. I'm pretty sure I'll go with some variation on
that!

Thanks agian.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top