ASP.Net web flow

views:

answers:

I am developing a large asp.net based application. Certain pages & links require user authentication. At some page, I have links and form submission for which I first need to authenticate the user. Here is an example:

In PageX I have a link L1. When user click, i check if user is authenticated or not. If not I redirect to login page. Once, the user is authenticated, I redirect back him to the PageX. But the problem is, I don't want the user to click L1 again! Instead, I want the L1 action to be executed once user is authenticated and its results displayed etc.

I am trying to have a good solution to this problem. Any idea on how to accomplish this?

+1 A:

Use Forms Authentication.

It's baked into ASP.NET and does exactly what you're talking about.

The User will click on a link. If they're not authenticated, they will be redirected to a login page (one of the parameters to the page will be the destination URL they were trying to reach). After a successful login, the User will be redirected to the page they requested instead of having to click the link again.

You also need to make sure you have your web.config set up to properly allow/deny unauthorized access to your application as described here:

Setting authorization rules for a particular page or folder in Web.config

Justin Niessner 2010-07-12 12:15:01

i am using forms authentication! But I am not using any of the Login controls provided by .net. I use my own login forms...

Abdel Olakara 2010-07-12 12:17:34

@Abdel Are you using your own HttpModules for handling the Authentication and Authorization events?

Rodrick Chapman 2010-07-12 12:28:39

@Abdel Olakara - You don't need to be using the Login controls provided by .NET. You do, on the other hand, need to make sure you have the proper authorization configuration for your application set up in the Web.config file so .NET can handle this stuff for you.

Justin Niessner 2010-07-12 12:28:55

yes, I have the web.config configured. I have the forms tag in authentication tag. But after that, what other configurations I need to do?

Abdel Olakara 2010-07-12 12:34:38

+2 A:

ASP.NET's Forms Authentication addresses this scenario. You can deny all unauthenticated users to all pages or (more commonly) deny unauthenticated users to a proper subset of pages.

Rodrick Chapman 2010-07-12 12:16:50

+1 A:

there are several way of doing it:

1, The build-in way of Form Authentication, correct me if i remembered wrong, you should be able to add your own login logic and integrate your login control with Form Authentication provider

2, assign L1 url link to query string or a session if user is not login, and add logic to your login control, redirect user when login is successful.

D.J 2010-07-12 12:49:03

I agree, and have got it working! But the problem is the L1 is a linkbutton. When user click, I call a method like ProcessL1(object sender, EventArgs e) {...} and then redirect to the appropriate page.The problem i am facing is I need this ProcessL1() executed after login

Abdel Olakara 2010-07-12 12:53:48

If that's the case, i will say, instead of putting login validation on L1 LinkButton, put the login validation check on the destination L1 button redirect to.

D.J 2010-07-12 13:28:23

ansaurus

tags:

views:

answers:

ASP.Net web flow

related questions