I have a directory in my website that is protected from anonymous users. My web.config looks like this:

<location path="members">
 <system.web>
  <authorization>
   <allow roles="members" />
   <deny users="*" />
  </authorization>
 </system.web>
</location>

If anonymous users try to access pages in the "/members" directory, they will be redirected to the login page.

From the codebehind on the login page, is there a way to tell the difference between a user being redirected this way versus the user manually going to the login page (either by typing in the URL or clicking on a link to the login page)?

I know the web is stateless, so perhaps these two requests are indistinguishable.

If it's not possible to distinguish between the two, is there a way to intercept what happens before .NET decides to redirect the user because of an unauthorized access attempt?

Note: I can't use the "ReturnUrl" in the querystring because I will decorate it the same way.

+1  A: 

You can check the "Referrer" request header:

The Referer[sic] request-header field allows the client to specify, for the server's benefit, the address (URI) of the resource from which the Request-URI was obtained (the "referrer", although the header field is misspelled.)

But the browser can lie about the referrer. Also look at this article; it provides some examples about unauthorized access and contains a complete description of how ASP.NET authorization works.

zihotki
+1  A: 

Aside from checking the Referer, you could also check the query string for the "ReturnUrl" property, which would indicate that ASP.NET had redirected the user. Again, it's not 100% though.

DaRKoN_
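
The "ReturnUrl" check from the answers, written as an added example that is not part of the original thread: it treats the value as an untrusted hint and accepts only site-local paths under the protected area. The class and method names are hypothetical, and it assumes the `members` location is served at `/members/` from the site root.

```csharp
using System;

public static class LoginRequestHints
{
    // Assumption: the <location path="members"> area is served under /members/.
    private const string ProtectedPrefix = "/members/";

    // True only for a site-local, rooted path such as "/members/page.aspx".
    // Rejects absolute URLs and "//host" or "/\host" forms, which browsers
    // treat as off-site targets (relevant when redirecting back after login).
    public static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        foreach (char c in url)
        {
            if (char.IsControl(c)) return false;
        }
        return true;
    }

    // A hint only: the query string is client-controlled, so this says the
    // request is consistent with a forms-authentication redirect, not that
    // one actually happened.
    public static bool LooksLikeAuthRedirect(string returnUrl)
    {
        return IsLocalPath(returnUrl)
            && returnUrl.StartsWith(ProtectedPrefix, StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample values; in the login page's codebehind the input
        // would be Request.QueryString["ReturnUrl"].
        string[] samples =
        {
            "/members/profile.aspx",
            "/default.aspx",
            "//other.example/members/",
            "http://other.example/members/",
            null
        };
        foreach (string s in samples)
        {
            Console.WriteLine("{0,-32} local={1} authRedirectHint={2}",
                s ?? "(none)", IsLocalPath(s), LooksLikeAuthRedirect(s));
        }
    }
}
```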