Response.Redirect in v2

[Mark Rae]

Hi,

I have a fairly simple site, the vast majority of which is available to
everyone on the public internet.

However, the site has one section which requires logon via the standard
username-password combination. The usernames and passwords are stored in
encrypted form in SQL Server 2000.

To prevent people trying to access the pages in the secure section, I used
to have the following code in ASP.NET v1.1:

private void Page_Load(object sender, System.EventArgs e)
{
if ((bool)Session["LoggedOn"] = = false)
{
Response.Redirect("../login", false);
}

// rest of Page_Load code
}

This, fairly obviously, checked the value of a Session variable (created in
Session_Start) and, if it was false i.e. the user hadn't logged, then it
redirected immediately to the login page without running the rest of the
code in the Page_Load event. This worked fine in ASP.NET v1.1.

However, in v2, although the Response.Redirect eventually runs, the rest of
the code in Page_Load runs too. I can get round this by inserting "return;"
after the Response.Redirect line, but I'm curious to know if this is an
example of changed behaviour from ASP.NET v1.1 to ASP.NET v2.

Any assistance gratefully received.

Mark

P.S. I'm fully aware of Forms authentication...

 

[Joerg Jooss]

Thus wrote Mark,

Hi,

I have a fairly simple site, the vast majority of which is available
to everyone on the public internet.

However, the site has one section which requires logon via the
standard username-password combination. The usernames and passwords
are stored in encrypted form in SQL Server 2000.

To prevent people trying to access the pages in the secure section, I
used to have the following code in ASP.NET v1.1:

private void Page_Load(object sender, System.EventArgs e)
{
if ((bool)Session["LoggedOn"] = = false)
{
Response.Redirect("../login", false);
}
// rest of Page_Load code
}
This, fairly obviously, checked the value of a Session variable
(created in Session_Start) and, if it was false i.e. the user hadn't
logged, then it redirected immediately to the login page without
running the rest of the code in the Page_Load event. This worked fine
in ASP.NET v1.1.

However, in v2, although the Response.Redirect eventually runs, the
rest of the code in Page_Load runs too. I can get round this by
inserting "return;" after the Response.Redirect line, but I'm curious
to know if this is an example of changed behaviour from ASP.NET v1.1
to ASP.NET v2.

Any assistance gratefully received.

You get what you've asked for ;-)

That bool parameter specifies whether a HttpResponse.Redirect() implicitly
ends the response, and you've set it to false. Both Response.Redirect("../login",
true) or Response.Redirect("../login") would do the trick.

As far as history is concerned -- http://support.microsoft.com/kb/307903/en-us
implies that this behavior has been implemented since ASP.NET 1.0.

Cheers,

 

[Mark Rae]

You get what you've asked for ;-)

That bool parameter specifies whether a HttpResponse.Redirect() implicitly
ends the response, and you've set it to false. Both
Response.Redirect("../login", true) or Response.Redirect("../login") would
do the trick.

As far as history is concerned --
http://support.microsoft.com/kb/307903/en-us implies that this behavior
has been implemented since ASP.NET 1.0.

Hmm - I'm obviously getting myself confused here! I've always used the false
overload with Response.Redirect to avoid the "Response was being terminated"
error...

Thanks for the reply.