Re: RedirectFromLoginPage
From: rufus (heinz_at_online.de)
Date: 09/16/04
- Next message: One Handed Man \( OHM - Terry Burns \): "Re: AutoGenerateColumns and ViewState"
- Previous message: Mike: "Re: Print without the print dialog box"
- In reply to: Greg Burns: "Re: RedirectFromLoginPage"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 16 Sep 2004 10:34:52 +0200
Much appreciated Greg. A good chance for me to get my hands dirty :)
"Greg Burns" <greg_burns@DONT_SPAM_ME_hotmail.com> wrote in message
news:%23u3bWq4mEHA.748@TK2MSFTNGP15.phx.gbl...
> Rufus,
>
> Here is the core logic of my login.aspx page. It does what you want.
>
> If you goto the login.aspx page while already logged in, it will log you
> out. (This is a nice feature, so that you can have a "sign out" link on
> every page)
>
> If you go directly to the login.aspx page (before being logged in), it
> redirects you to page of choice after logging in. (mine happens to be
> "hours.aspx")
>
> If you do login succesfully, then attempt to go to page your are not
> autherized to go to, it will redirect you back to the login page and
explain
> why. (cool)
>
> If you attempt to go to a page before logging in it will (of course)
> redirect to login page, with an explanation of what happened. (normally I
> have the error message commented out, since users already undestand they
> need to login before using site)
>
>
> Hope this isn't information overload, but there is a lot of useful stuff
> going on here that I wanted to share. :^)
>
> PS: My login.aspx page mimics hotmail's login; it has a "don't remember
> username on public computer" feature. (It did have a remember password
> checkbox also, but that is commented out here.)
>
> If anything is not clear, just ask!
> Greg
>
>
> Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
> System.EventArgs) Handles MyBase.Load
> 'Put user code to initialize the page here
>
> If Not Page.IsPostBack Then
>
> Dim returnUrl As String = Request.QueryString("ReturnUrl")
> If Not (returnUrl = Nothing) Then
>
> ' Is the user currently authenticated??
> If User.Identity.IsAuthenticated Then
> ' If YES, then they must be here because they
attempted
> to access a page
> ' that they do not have authorization to access
>
> ' throw them back to default, not where they were
trying
> to go
> ' do this in case cannot login with correct role...
> ViewState("RedirectHome") = True
> lblReason.Text = "You have arrived at the login page
for
> the following reason:<br><br>"
> lblReason.Text &= "You are not in the correct role to
> view the page that your were attempting to view.<br><br>"
> Else
> ' If NO, then they must be here because they attempted
> to access a page
> ' and they have not yet been authenticated
> lblReason.Text = "You have arrived at the login page
for
> the following reason:<br><br>"
> lblReason.Text &= "You are not currently
> authenticated.<br><br>"
> End If
> Else
> ' returnURL is blank, user must have purposefully went to
> login page
>
> ' if currently sign in, sign em out...
> If User.Identity.IsAuthenticated Then
> ' Redirect to requested URL, or homepage if no
previous
> page requested
> FormsAuthentication.SignOut()
> ' not running Session.Abandon(), Session.Clear() will
> run if sucessful sign in occurs
> ' don't see need to do it...
> 'Session.Abandon()
> 'Response.Redirect("login.aspx")
> End If
>
>
> End If
>
> ' prefill username from previous login...
> If Not Request.Cookies("RememberMe") Is Nothing AndAlso
> Request.Cookies("RememberMe").Value = "1" Then
> chkRememberMe.Checked = True
> Request.Cookies.Remove("Username")
> End If
>
> If Not Request.Cookies("Username") Is Nothing Then
> Dim sCookieValue As String =
> Request.Cookies("Username").Value
> txtUsername.Text = sCookieValue
> SetFocus(txtPassword.ClientID)
> Else
> SetFocus(txtUsername.ClientID)
> End If
>
> End If
> End Sub
>
> Private Sub LoginClick()
>
> If Not Page.IsValid Then Exit Sub
>
> ' Attempt to Validate User Credentials...
> Dim EmpID As Integer = eTime.Security.Login(txtUsername.Text,
> txtPassword.Text)
>
> If EmpID > 0 Then
>
> ' don't do a Session.Abandon, that would get
GetEmployeeDetails
> to run twice
> ' once below and again in Session_Start
> Session.Clear() ' clear any previous logins!!!
>
> ' Lookup the employee's full account details
> Dim myEmpDetails As eTime.EmployeeDetails =
> eTime.EmployeesDB.GetEmployeeDetails(EmpID)
> Session("MyDetails") = myEmpDetails ' save it away!!!
>
> If myEmpDetails.Disabled = True Then
>
> ignoreconditionvalidator1.ErrorMessage = "This account has
> been disabled."
> ignoreconditionvalidator1.IsValid = False
> Exit Sub
>
> ElseIf myEmpDetails.ForcePWDChange = True Then
> pnlLogin.Visible = False
> pnlPWDChange.Visible = True
>
> SetFocus(txtNew.ClientID)
>
> ' save EmpID in viewstate in case sits on change pwd page
> longer than session timeout...
> ViewState("EmpID") = EmpID
> ViewState("PasswordHashWithoutSalt") =
> eTime.Security.CreatePasswordHashWithoutSalt(txtPassword.Text)
> Exit Sub
> End If
>
> Authenticate(EmpID, myEmpDetails.Roles)
>
> Else
>
> ignoreconditionvalidator1.ErrorMessage = "Invalid username or
> password. Please try again."
> ignoreconditionvalidator1.IsValid = False
> SetFocus(txtPassword.ClientID)
> End If
>
>
> End Sub
>
> Private Sub Authenticate(ByVal EmpID As Integer, ByVal Roles As
String)
> ' Create a new ticket used for authentication
> ' Make the cookie persistent only if the user selects "persistent"
> login checkbox
>
> Dim ticket As FormsAuthenticationTicket = New
> FormsAuthenticationTicket(1, _
> EmpID.ToString, _
> DateTime.Now, _
> DateTime.Now.AddHours(12), _
> False, _
> Roles)
>
> Dim cookie As HttpCookie = New
> HttpCookie(FormsAuthentication.FormsCookieName)
> cookie.Value = FormsAuthentication.Encrypt(ticket)
>
> 'If (chkRememberLogin.Checked) Then cookie.Expires =
> ticket.Expiration 'not currently using this
>
> Response.Cookies.Add(cookie)
>
> If Not chkRememberMe.Checked Then
> Dim cook1 As New HttpCookie("Username")
> cook1.Expires = DateTime.MaxValue
> cook1.Value = txtUsername.Text.ToLower
> Response.Cookies.Add(cook1)
> Else
> Response.Cookies.Remove("Username")
> End If
>
> Dim cook2 As New HttpCookie("RememberMe")
> cook2.Expires = DateTime.MaxValue 'now.AddDays(1)
> If chkRememberMe.Checked Then
> cook2.Value = "1"
> Else
> cook2.Value = "0"
> End If
> Response.Cookies.Add(cook2)
>
> Dim returnUrl As String
>
>
> ' Redirect to requested URL, or homepage if no previous page
> requested (returnURL = nothing when clicked on logout)
> returnUrl = Request.QueryString("ReturnUrl")
> If (returnUrl = Nothing) Or Not ViewState("RedirectHome") Is
Nothing
> Then returnUrl = "~\hours.aspx"
>
>
> ' Don't call FormsAuthentication.RedirectFromLoginPage since it
> could
> ' replace the authentication ticket (cookie) we just added
> Response.Redirect(returnUrl, False)
>
>
> End Sub
>
> Private Sub SetFocus(ByVal clientID As String)
> Dim strjscript As String = "<script language=""javascript"">"
> strjscript &= "document.getElementById(""" & clientID &
> """).focus();"
> strjscript &= "</script" & ">" 'Don't Ask, Tool Bug
> Page.RegisterStartupScript("MYsetfocus", strjscript)
> End Sub
>
>
>
> "rufus" <heinz@online.de> wrote in message news:ci9vgf$5oc$1@online.de...
> > Hi,
> >
> > I like using RedirectFromLoginPage because it redirects back to the
> > originally requested page after successful login. However, if the
> > originally requested page was the login form then it automatically
> > redirects
> > to default.aspx.
> >
> > How can I preserve this redirection behaviour but specify a different
page
> > to redirect to (other than default.aspx)?
> >
> > Thanks in advance.
> >
> >
>
>
- Next message: One Handed Man \( OHM - Terry Burns \): "Re: AutoGenerateColumns and ViewState"
- Previous message: Mike: "Re: Print without the print dialog box"
- In reply to: Greg Burns: "Re: RedirectFromLoginPage"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
