Within the ASP.NET framework there is built-in support for what is commonly known as Forms Authentication. Forms Authentication provides a mechanism for the pages within the website to authenticate the caller by validating data (i.e. credentials, PIN, etc) against some data store (such as a database). I won't bore anyone with a discussion on Forms Authentication as there are many references to be found and it's a pretty well-known topic. I will, however, entertain another related thought.
When using Forms Authentication, an unauthenticated user will be directed to a designated login page. ASP.NET will, in the request querystring, identify the page that was initially requested in the ReturnUrl variable thus:
http://localhost/myweb/login.aspx?ReturnUrl=%2fmyweb%2findex.aspx
Upon successful validation of the users credentials the login page will typically call the FormsAuthentication.RedirectFromLoginPage() method. This method will redirect the user to the page designated by the ReturnUrl property. Usually this is the desired and anticipated behavior.
There may be times, however, when you want to force a particular application to always (or at least to conditionally) redirect to a designated starting page regardless of the ReturnUrl value. Probably the best way to accomplish this goal is to utilize an HttpModule that performs simple url rewriting. The HttpApplication associated with the website in question has an event called AuthorizeRequest which is the prime location to perform the url rewriting. You could add a handler for this event within the global.asax's Global class (and there's really nothing wrong with this approach) but I prefer to create my own HttpModule to isolate the functionality and compartmentalize it. This is basically what it comes down to in its simplest form:
public class LoginRewriter : IHttpModule { void IHttpModule.Dispose() { } void IHttpModule.Init(HttpApplication app) { app.AuthorizeRequest += new EventHandler(authorizeRequest); } private void authorizeRequest(object sender, EventArgs e) { rewriteLoginPath(sender as HttpApplication); } private void rewriteLoginPath(HttpApplication app) { if ( !app.Request.IsAuthenticated ) { app.Context.RewritePath(“~/Login.aspx?ReturnUrl=~/StartPage.aspx“); } }}
This simple module alters the requested path for all non-authenticated requests to point to StartPage.aspx page. Therefore, despite the request (valid or invalid), upon successfully authenticating, the user will always be redirected to StartPage.aspx. The last remaining step is to wire the module up in the web.config file:
<httpModules> <add type=”MyWeb.LoginRewriter, MyWeb” name=”LoginRewriter” /></httpModules>
And there you have it...easy as pie!
Powered by: newtelligence dasBlog 2.0.7226.0
Disclaimer The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.
© Copyright 2010R. Aaron Zupancic
E-mail
E-mail