So here is what I am trying to achieve:

When a user logs in and his password has expired, I redirect him to a change password screen. I would like the user to change his password prior to going to other links in a menu.

I want to redirect back to this changepassword.aspx whenever he attempts to leave, unless he changes his password.

So how do I do this? And more importantly, where?

Thanks for the help!

EDIT: I know we can use Response.Redirect, but it can't be used in the Unload operation.

EDIT: OK, I am not asking this right. I need help in keeping the user on the page - how do I do that, and in which part of the page [load, unload, etc.]?

A: 

Set a flag in the user's session indicating that they need to change their password, then check that flag from all your other pages and redirect them to the change-password page if necessary.

Mike Daniels
+6  A: 

Please don't do that. That kind of PITA UI is very irritating. Just expire their password and then fail their access if they don't change it.

Don't treat your users like children (unless they really are children, and maybe not even then).

Edit: Made this a Community answer, as I'm just preaching not answering ;-)

Tim Jarvis
Unfortunately the client wants it that way, so if the user's password has expired then he wants them to change it before anything else.
thisismydisplayname
Thanks for the point of view though :)
thisismydisplayname
The thing your client will need to have explaining is that it's the user's prerogative to do something else - if they just give up and turn off their machine, there is nothing you can do about that. Just be content that if their password has expired, they can't access anything else on your site - in the bad old days of the web, you could keep spawning new windows as a user shuts one down, but thankfully those days are mostly behind us. Sorry. As you've found out, the only "reliable" indication the user is going is the Unload event, and by then it's too late, unless pop-ups are enabled...
Zhaph - Ben Duguid
Also, you'll need some way to work out whether the unload event is firing because the user has closed the browser, or because they have successfully changed their password and are moving on to the next page - otherwise you'll end up spawning more pages as they try to continue.
Zhaph - Ben Duguid
+1  A: 
  1. Set a session var if they need to change their password
  2. On every pageload check for that session and if it exists (and they're not on the password change screen), redirect.
Oli
This is the simplest solution.
Rex M
No no no. Do it in Global.asax. Putting it in every page load event is ridiculous.
Boo
I really didn't mean the literal pageload event. Bad typo.
Oli
@boo you can put it on every pageload event from a module or base page class. This answer clearly leaves room for intelligent implementations. No reason to downvote.
Rex M
A: 

I'd set a variable in his session, then in your Global.asax Application_BeginRequest event check for the Session variable and redirect if needed.

Boo
+2  A: 

Explained: Forms Authentication in ASP.NET 2.0

"This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class."

In the web.config, I have the authorization section saying

<authorization>
  <deny users="?"/>
  <allow users="*"/>
</authorization>


<location path="ChangePassword.aspx">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
CodeToGlory
+1  A: 

We used to use a masterpage on our site and in the Page_Load event of that, we redirect the user to our changepassword.aspx page.

We also used (or abused, depending on your viewpoint) the Profile element of ASP.NET membership and simply set a MustChangePassword entry to true in it. It means that when they log in, you can see if the MustChangePassword entry is set in their profile and redirect to the change password page. It certainly keeps them on the page.

People are right to suggest that sticking it in every page load is silly, but the overhead is tiny to check one element in the user's profile, and you at least can force currently logged-in users to change their password.

Neil Trodden
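
Added example (not code from any of the answers): the session-flag check that several answers describe, done once in an HTTP module rather than in each page. It hooks PostAcquireRequestState, the first pipeline stage at which session state is available; the class name, the MustChangePassword session key and the page path are assumptions.

```csharp
using System;
using System.Web;

// Added example. Register the module in web.config (<httpModules> or <modules>).
public class ForcePasswordChangeModule : IHttpModule
{
    // Assumed names: the login code sets Session["MustChangePassword"] = true
    // when the password has expired, and ChangePassword.aspx removes the key
    // only after the new password has been saved.
    private const string FlagKey = "MustChangePassword";
    private const string ChangePasswordPath = "~/ChangePassword.aspx";

    public void Init(HttpApplication app)
    {
        // Session state has been loaded by this stage; in BeginRequest
        // HttpContext.Session is still null.
        app.PostAcquireRequestState += OnPostAcquireRequestState;
    }

    private static void OnPostAcquireRequestState(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpContext ctx = app.Context;

        // Anonymous requests are left to the <authorization> rules.
        if (!ctx.Request.IsAuthenticated) return;

        // Handlers that do not load session state have no Session object.
        if (ctx.Session == null) return;

        object flag = ctx.Session[FlagKey];
        bool mustChange = flag is bool && (bool)flag;
        if (!mustChange) return;

        // Let the change-password page itself through, or the redirect loops.
        string path = ctx.Request.AppRelativeCurrentExecutionFilePath;
        if (string.Equals(path, ChangePasswordPath, StringComparison.OrdinalIgnoreCase))
            return;

        // Redirect without a ThreadAbortException, then skip the page handler.
        ctx.Response.Redirect(ChangePasswordPath, false);
        app.CompleteRequest();
    }

    public void Dispose() { }
}
```

Requests served by handlers that do not load session state pass through this check untouched, so any handler that exposes account data should implement IRequiresSessionState or read the flag from a store that is always available, such as the Profile entry mentioned above.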