What if I dont want to redirect after a user logs in?

B

Brian Lowe

I'm using Forms authentication with my user data in a SQL db. I have pages
in the main appliaction folder accessible to anonymous users and I've set
security to deny annonymous users access to pages in several sub folders
(e.g. admin). I've set up a login page where users trying to access any
/admin/ page are diverted to and on successful login they are redirected
back to the page they requested.

All is well. Everything works.

I want it to work a different way.

I want to display a user control on every page to enable a visitor to login
at any time (or log out if he's logged in) and to show options appropriate
to logged in users. I have it mostly working BUT when my user is on page
/somepage.aspx and logs in I want him to see page /somepage.aspx again
(revised with appropriate options for a logged in user) and *not*
default.aspx or any other page.

FormsAuthentication seems to demand that I send my user away to another
page, and uses Default.aspx if there isn't one specified in the URL.

How can I get my user authenticated and keep him on the same page?

I guess I'm looking for a
FormsAuthentication.AuthenticateButDontRedirectAnywhere() method.

Anyone done this? Anyone tell me where I should be looking?

Brian Lowe
---------@
 
C

Cowboy

You are reinventing the wheel, to an extent, but I can understand the issue.

What I have done is create the majority of the page (anything that can have
multiple states, like logged in, not logged in) in controls (server or user,
your choice). I then set up a user object when the user logs in. A user can
surf the entire site, but the user object is null until he logs in. To test
basic state, I simply pull the user object and test if it is null. If so,
don't show logged in elements; if not null, show them. There are a couple of
ways to handle this, from Session["userObject"] to creating a singleton.
NOTE: You can also use the extremely thin Session["LoggedIn"].

The next version of .NET has more facilities that do this "automagically".

This also allows me to have role based security, as the logged in user may
belong to different roles. I have created a UserInRole() method of my user
object that tests the user against a role, or roles. You may not need to go
this far.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
 
B

Brian Lowe

It really is that obvious!

Thanks for pointing this out. I don't know how I missed it in my search
through the docs, but now I see it it does exactly what I want. I must
havebeen looking for some wierd thing!

Thanks!

Brian Lowe
---------@
 
B

Brian Lowe

Thanks but you seem to be answering a question I didn't ask.

Rick Spiewak answered it very succinctly.

What you describe is broadly what I had done in classic ASP for previous
applications, including a roll-your-own roles based model. Now that it's
all built in to ASP.Net I'm keen to take advantage of what's already there.

Brian Lowe
---------@
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top