FormsAuthentication Access Rules Event

Brandon Stalte

I've implemented forms authentication for my application. I would like to use
access rules by creating individual web.config files in folders to
allow/disallow access to directories. My problem is when I create an access
rule for a directory to disallow a role or user, when that user in the role
attempts to access the directory they are kicked out of the application which
is fine, but the login page has the redirect url pointing back to the page
they don't have access to (i.e.
http://localhost/App1/Login.aspx?ReturnUrl=/App1/Folder1//AddLoading.aspx).
Because the login page contains the non accessible redirected url, the user
just loops back to the login page over and over again. Is there any way to
stop this without writing code page by page to check that a user is in a
certain role or is there an event I could capture to say whenever an access
rule attempts to kick someone out of the application, redirect them to a
NoPermissions.aspx
page and have this event system wide not just per page?
 
chris

Brandon,

Try something like this in the LoggedIn event on the Login control:

    MembershipUser currentUser = Membership.GetUser(e.UserName);
    // logging in from Login page, so force redirect to previous page
    bool forceRedirect = false;

    if (currentUser != null)
    {
        FormsAuthentication.SetAuthCookie(currentUser.UserName, false);

        // redirectPage is not defined in this snippet; set it to the target page
        if (forceRedirect)
            Response.Redirect(redirectPage);
    }


HTH,
Chris
 
Brandon Stalte

Thank you for your response, but it doesn't solve my problem of going in a
constant loop. I found my problem identical to another post but that didn't
have an answer either. I attempted to solve the problem by using code in the
global.asax file under the Global_EndRequest method but it doesn't redirect
to a page I would like; instead all I continue to get is a constant loop of
attempting to login to a page I don't have permissions for.
 
Brandon Stalte

I've researched and found the solution to my own problem. If I put code in my
Login page's Page_Load event to check whether I'm getting thrown back to the
login page, I can direct the user wherever I need to by adding this code:

    if (!Page.IsPostBack)
    {
        // See if user is already Authenticated.
        // If so, the "Roles" cookie should exist.
        HttpContext context = HttpContext.Current;
        if (context.User != null &&
            context.User.Identity.IsAuthenticated)
        {
            // Access Denied Code Here...
            Response.Redirect("~/ErrorRole.aspx");
        }
    }
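
The Login-page check from the last post, expanded as an added example (not code from the thread): it treats only an authenticated request that arrives with a ReturnUrl as an access-rule denial, records it, and ends the request cleanly. The class name `Login` and the `DeniedPage` value are assumptions.

```csharp
using System;
using System.Web;
using System.Web.UI;

public partial class Login : Page
{
    // Assumed access-denied page; the thread mentions NoPermissions.aspx.
    private const string DeniedPage = "~/NoPermissions.aspx";

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
            return;

        // Forms authentication appends ReturnUrl when it bounces a request here.
        string returnUrl = Request.QueryString["ReturnUrl"];
        bool bounced = !string.IsNullOrEmpty(returnUrl);

        // Anonymous user: fall through and show the login form as usual.
        // Authenticated user with ReturnUrl: credentials are fine, so an
        // <authorization> rule denied the request. Logging in again cannot
        // help, which is what produces the redirect loop.
        if (Request.IsAuthenticated && bounced)
        {
            // ReturnUrl is user-controlled: strip line breaks before logging.
            string safePath = returnUrl.Replace("\r", "").Replace("\n", "");
            System.Diagnostics.Trace.TraceWarning(
                "Access denied by authorization rule: user={0} path={1}",
                User.Identity.Name, safePath);

            // Fixed destination only; ReturnUrl is never used as a redirect target.
            Response.Redirect(DeniedPage, false);
            Context.ApplicationInstance.CompleteRequest();
        }
    }
}
```

The denied page has to sit somewhere every authenticated user is allowed to read; if it falls under a folder with a deny rule, the loop returns.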
 
