Click here to Skip to main content
15,867,568 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
Hi,

In my web application, using form authentication. First loading login page(Login.aspx) after successful login redirect to Default.aspx form. In default page list all menus, clicking on menu the page load inside default page(Using Telerik control).
Now i am facing a issue, While user typing a direct url (Suppose one of the page name is page1.aspx) eg: Myapplication/page1.aspx the page is loading i want to restrict this.

Please suggest a solution for this.
Posted
Updated 19-Feb-20 23:11pm

You can do all this in web.config with the location tag:

HTML
<location path="Page1.aspx" allowoverride="false">
   <system.web>
     <authorization>
       <deny users="?" roles="TEMP" />
       <allow roles="ADMIN, USERS" />
     </authorization>
   </system.web>
 </location>



Please see the following links for details:

https://wiki.asp.net/page.aspx/653/aspnet-webconfig--location-and-authroization-tags/[^]

ASP.NET Membership - Part 1[^]
 
Share this answer
 
Comments
Shanalal Kasim 8-Nov-12 9:23am    
the user accessing direct url(Myapplication/page1.aspx) after successful login so authorization is not work
jim lahey 8-Nov-12 9:25am    
that's how it's supposed to work isn't it? If a user logs in he or she has access to stuff that anonymous users don't..
Shanalal Kasim 8-Nov-12 10:01am    
user can access that page through Default page not directly
jim lahey 8-Nov-12 10:04am    
What do you mean?
Shanalal Kasim 8-Nov-12 10:14am    
In default page list all menus, clicking on menu the page load inside default page(Using Telerik control). suppose user clicking on page1.aspx menu then that page will loading inside default.aspx (The browser url is Myapplication/Default.aspx this url is not changing, user clicking next menu then that page will load inside default page).
my issue is while user type any direct url(Except Myapplication/Default.aspx or Myapplication/Login.aspx) then that url will be redirect to Myapplication/Default.aspx
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class NoDirectAccessAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.HttpContext.Request.UrlReferrer == null ||
 filterContext.HttpContext.Request.Url.Host != filterContext.HttpContext.Request.UrlReferrer.Host)
        {
     filterContext.Result = new RedirectToRouteResult(new
                               RouteValueDictionary(new { controller = "Home", action = "Logout", area = "Main" }));
        }
    }
}



Then add the attribute to the controller.
 
Share this answer
 
v2
Comments
Richard Deeming 20-Feb-20 9:05am    
That might be a sensible answer, if the OP was using MVC.

The multiple references to .aspx in the question would suggest that they were using WebForms, where this answer wouldn't work.
search and study "sassion variables" and site master (optional)

when logging in, use as session variable for storing login info,

every page or your master page must check for the that variable in session, if it is okay, it lets the user to load page, otherwise it redirects it to login page

in login page:

Session.add("myvarableName", "Value")

in master page, or in every page load
c#
C#
if (Session["myvariableName"]!=Null & Session["myvariable"]!= "value") Response.Redirect("Login.aspx",true);


vb .net

VB
if Session("myvariableName") isnot nothing and Session("myvariable") = "value"
Response.Redirect("Login.aspx",true)
end if
 
Share this answer
 
v3

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900