About

I'm Mike Pope. I live in the Seattle area. I've been a technical writer and editor for over 30 years. I'm interested in software, language, music, movies, books, motorcycles, travel, and ... well, lots of stuff.

Read more ...

Blog Search


(Supports AND)

Google Ads

Feed

Subscribe to the RSS feed for this blog.

See this post for info on full versus truncated feeds.

Quote

I would be most content if my children grew up to be the kind of people who think decorating consists mostly of building enough bookshelves.

Anna Quindlen



Navigation





<September 2017>
SMTWTFS
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567

Categories

  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  

Contact

Email me

Blog Statistics

Dates
First entry - 6/27/2003
Most recent entry - 9/23/2017

Totals
Posts - 2453
Comments - 2558
Hits - 1,984,654

Averages
Entries/day - 0.47
Comments/entry - 1.04
Hits/day - 382

Updated every 30 minutes. Last: 11:04 PM Pacific


  11:20 PM

When you use membership security in ASP.NET Web Pages Razor, you can limit access to pages so that only logged-in users can see those pages. One way to do that, as explained before, is to add a test like the following to the top of a page (or to the _PageStart.cshtml page in the protected folder):

@{
if (!WebSecurity.IsAuthenticated) {
Response.Redirect("~/Login");
}
}
If the user isn't logged in, they're redirected to the Login page (in this case, in the site's root).

Nice, but then the user still has to find their way back to the page they originally wanted. Ideally, after the user has logged in, you send them back to the original page automatically. And because they're now logged in, the gatekeeper code lets them through.

The usual way to approach this is to include a return URL address when you redirect to the login page. You can add it as a query-string value to the login URL. Then in the login page, once the user has logged in ok, you can get that return URL and jump back.

Here's an updated version of the code from above with some logic to create a return URL:

if (!WebSecurity.IsAuthenticated) {
Response.Redirect("~/Login?returnUrl=" + Request.Url.LocalPath);
}
For a URL like the following:

http://localhost/members/info.cshtml

The Request.Url.LocalPath property returns this:

/members/info.cshtml

So the URL of the redirect to the Login page looks like this:

http://localhost/Login?returnUrl=/members/info.cshtml

The login page can then return to the original page using logic like this:

if(IsPost){
var username = Request.Form["username"];
var password = Request.Form["password"];
bool rememberMe = Request.Form["rememberMe"].AsBool();

 


// Various kinds of validations and checks for user
// existence here, then ...

 


if (WebSecurity.Login(username, password, rememberMe)) {
if(!Request.QueryString["returnUrl"].IsEmpty()){
Context.RedirectLocal(Request.QueryString["returnUrl"]);
}
else{
Response.Redirect("~/"); // Goes to site home
}
}
}
Notice that the redirection back to the original page is done with the Context.RedirectLocal method. You could use Response.Redirect. But Context.RedirectLocal makes sure that redirection is performed only if the return URL is local to the site. This helps prevent someone from hacking in a complete URL that would redirect to an external site in order to try to snatch authentication tokens or what have you.

If you happen to be using the Starter Site template in WebMatrix (v2 Beta or later), the login page already has this built in. In any page that you create where you want to let the user log in and then return, make sure you add a query string when you invoke the login page, and set returnUrl to the local path of the current page, as illustrated above.

[categories]   ,

[3] |