Click here to Skip to main content
11,436,156 members (64,776 online)
Click here to Skip to main content

Bypass ASP.NET unauthorized redirect to a login page

, 17 Mar 2009 CPOL
Rate this:
Please Sign up or sign in to vote.
How to bypass ASP.NET unauthorized redirect to a login page.

Introduction

ASP.NET makes it easy to configure Forms Authentication and Authorization, including automatically redirecting you to the login page when necessary. The problem is that it also redirects authenticated users to the login page when they attempt to access pages that they are not authorized to access. This gives you the opportunity to login as someone else, and then be automatically redirected back to the page you originally attempted to access. But, that may not be the behavior you want for authenticated users -- do your users really have multiple logins, and do they understand why they end up back at the login page?

Lots of my system users contacted me about this behavior, they thought it is a bug and needs to be fixed!

The Solution

After lots of attempts, I found an acceptable approach (for me); it is all in the Global.asax Application_EndRequest event.

Protected Sub Application_EndRequest(ByVal sender As Object, ByVal e As System.EventArgs)
    Try
       'Check if the user is Authenticated and been redirected to login page
       If Request.IsAuthenticated  _
       And Response.StatusCode = 302  _
       And Response.RedirectLocation.ToUpper().Contains("LOGIN.ASPX") _
       Then
             ' check if the user has access to the page
            If Not UrlAuthorizationModule.CheckUrlAccessForPrincipal _
                                        (Request.FilePath, User, "GET") Then
                'Pass a parameter to the login.aspx page 
                FormsAuthentication.RedirectToLoginPage("errCode=401")
                
                'Or you can redirect him to another page like AuthenticationFaild.aspx
                'Response.Redirect("AuthenticationFaild.aspx")
            End If
        End If
    Catch ex As Exception
        'Do nothing
    End Try
End Sub

Basically, I check to see if the response is a redirect to the login page and if the user has already been authenticated. Finally, I check to see if the user does not have access from the original requested page. If all of those conditions are true, then I redirect them to the login page with parameters to indicate it's an authorization redirect.

Anyway, I hope this helps someone.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Ala Hamad
Software Developer (Senior) LexisNexis
United States United States
No Biography provided

Comments and Discussions

 
Generallogin.aspx Pin
Ajay Kale New27-Sep-10 1:26
memberAjay Kale New27-Sep-10 1:26 
Questionre automatic redirection to Login.aspx Pin
Ajay Kale New9-Sep-10 3:32
memberAjay Kale New9-Sep-10 3:32 
Generalat least you tried. Pin
Donsw10-Apr-09 8:13
memberDonsw10-Apr-09 8:13 
GeneralMy vote of 1 Pin
nsimeonov24-Mar-09 13:25
membernsimeonov24-Mar-09 13:25 
GeneralThe Login.aspx is configurable Pin
TimMerksem24-Mar-09 7:19
memberTimMerksem24-Mar-09 7:19 
GeneralRe: The Login.aspx is configurable Pin
Ala Hamad24-Mar-09 9:01
memberAla Hamad24-Mar-09 9:01 
GeneralRe: The Login.aspx is configurable Pin
TimMerksem26-Mar-09 7:13
memberTimMerksem26-Mar-09 7:13 
GeneralRe: The Login.aspx is configurable Pin
Ala Hamad26-Mar-09 7:54
memberAla Hamad26-Mar-09 7:54 
GeneralRe: The Login.aspx is configurable Pin
TimMerksem26-Mar-09 7:57
memberTimMerksem26-Mar-09 7:57 
GeneralRe: The Login.aspx is configurable Pin
Michael J. Collins24-Jun-09 5:34
memberMichael J. Collins24-Jun-09 5:34 
GeneralRe: The Login.aspx is configurable Pin
Ala Hamad17-Aug-09 11:35
memberAla Hamad17-Aug-09 11:35 
GeneralNew Code Pin
Fabio Galante Mans17-Mar-09 9:26
memberFabio Galante Mans17-Mar-09 9:26 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.150428.2 | Last Updated 17 Mar 2009
Article Copyright 2009 by Ala Hamad
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid