About

I'm Mike Pope. I live in the Seattle area. I've been a technical writer and editor for over 30 years. I'm interested in software, language, music, movies, books, motorcycles, travel, and ... well, lots of stuff.

Read more ...

Blog Search


(Supports AND)

Google Ads

Feed

Subscribe to the RSS feed for this blog.

See this post for info on full versus truncated feeds.

Quote

I have never let my schooling interfere with my education.

— Mark Twain



Navigation





<June 2021>
SMTWTFS
303112345
6789101112
13141516171819
20212223242526
27282930123
45678910

Categories

  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  

Contact Me

Email me

Blog Statistics

Dates
First entry - 6/27/2003
Most recent entry - 6/6/2021

Totals
Posts - 2636
Comments - 2645
Hits - 2,383,127

Averages
Entries/day - 0.40
Comments/entry - 1.00
Hits/day - 363

Updated every 30 minutes. Last: 12:33 PM Pacific


  11:20 PM

When you use membership security in ASP.NET Web Pages Razor, you can limit access to pages so that only logged-in users can see those pages. One way to do that, as explained before, is to add a test like the following to the top of a page (or to the _PageStart.cshtml page in the protected folder):

@{
    if (!WebSecurity.IsAuthenticated) {
        Response.Redirect("~/Login");
    }
}

If the user isn't logged in, they're redirected to the Login page (in this case, in the site's root).

Nice, but then the user still has to find their way back to the page they originally wanted. Ideally, after the user has logged in, you send them back to the original page automatically. And because they're now logged in, the gatekeeper code lets them through.

The usual way to approach this is to include a return URL address when you redirect to the login page. You can add it as a query-string value to the login URL. Then in the login page, once the user has logged in ok, you can get that return URL and jump back.

Here's an updated version of the code from above with some logic to create a return URL:

if (!WebSecurity.IsAuthenticated) {
     Response.Redirect("~/Login?returnUrl=" + Request.Url.LocalPath);
}

For a URL like the following:

http://localhost/members/info.cshtml

The Request.Url.LocalPath property returns this:

/members/info.cshtml

So the URL of the redirect to the Login page looks like this:

http://localhost/Login?returnUrl=/members/info.cshtml

The login page can then return to the original page using logic like this:

if(IsPost){
    var username = Request.Form["username"];
    var password = Request.Form["password"];
    bool rememberMe = Request.Form["rememberMe"].AsBool();

    // Various kinds of validations and checks for user 
    // existence here, then ...

    if (WebSecurity.Login(username, password, rememberMe)) {
        if(!Request.QueryString["returnUrl"].IsEmpty()){
            Context.RedirectLocal(Request.QueryString["returnUrl"]);
        }
        else{
            Response.Redirect("~/"); // Goes to site home
        }
    }
}

Update (2018 Jul 29)  Someone has noted in the comments that in ASP.NET MVC (.NET Core 2.0+), RedirectLocal is a method on the base page, not on HttpContext, as it was when I wrote this. See the docs.

Notice that the redirection back to the original page is done with the Context.RedirectLocal method. You could use Response.Redirect. But Context.RedirectLocal makes sure that redirection is performed only if the return URL is local to the site. This helps prevent someone from hacking in a complete URL that would redirect to an external site in order to try to snatch authentication tokens or what have you.

If you happen to be using the Starter Site template in WebMatrix (v2 Beta or later), the login page already has this built in. In any page that you create where you want to let the user log in and then return, make sure you add a query string when you invoke the login page, and set returnUrl to the local path of the current page, as illustrated above.

[categories]   ,

[4] |