Click here to Skip to main content
14,735,480 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
Hi,

In my web application, using form authentication. First loading login page(Login.aspx) after successful login redirect to Default.aspx form. In default page list all menus, clicking on menu the page load inside default page(Using Telerik control).
Now i am facing a issue, While user typing a direct url (Suppose one of the page name is page1.aspx) eg: Myapplication/page1.aspx the page is loading i want to restrict this.

Please suggest a solution for this.
Posted
Updated 20-Feb-20 0:11am

You can do all this in web.config with the location tag:

<location path="Page1.aspx" allowoverride="false">
   <system.web>
     <authorization>
       <deny users="?" roles="TEMP" />
       <allow roles="ADMIN, USERS" />
     </authorization>
   </system.web>
 </location>



Please see the following links for details:

https://wiki.asp.net/page.aspx/653/aspnet-webconfig--location-and-authroization-tags/[^]

ASP.NET Membership - Part 1[^]
   
Comments
Shanalal Kasim 8-Nov-12 9:23am
   
the user accessing direct url(Myapplication/page1.aspx) after successful login so authorization is not work
jim lahey 8-Nov-12 9:25am
   
that's how it's supposed to work isn't it? If a user logs in he or she has access to stuff that anonymous users don't..
Shanalal Kasim 8-Nov-12 10:01am
   
user can access that page through Default page not directly
jim lahey 8-Nov-12 10:04am
   
What do you mean?
Shanalal Kasim 8-Nov-12 10:14am
   
In default page list all menus, clicking on menu the page load inside default page(Using Telerik control). suppose user clicking on page1.aspx menu then that page will loading inside default.aspx (The browser url is Myapplication/Default.aspx this url is not changing, user clicking next menu then that page will load inside default page).
my issue is while user type any direct url(Except Myapplication/Default.aspx or Myapplication/Login.aspx) then that url will be redirect to Myapplication/Default.aspx
jim lahey 8-Nov-12 10:16am
   
What kind of Telerik control?
Shanalal Kasim 9-Nov-12 0:05am
   
Please refer this demo url
http://demos.telerik.com/aspnet-ajax/window/examples/radwindowandmdi/defaultcs.aspx
search and study "sassion variables" and site master (optional)

when logging in, use as session variable for storing login info,

every page or your master page must check for the that variable in session, if it is okay, it lets the user to load page, otherwise it redirects it to login page

in login page:

Session.add("myvarableName", "Value")

in master page, or in every page load
c#
if (Session["myvariableName"]!=Null & Session["myvariable"]!= "value") Response.Redirect("Login.aspx",true);


vb .net

if Session("myvariableName") isnot nothing and Session("myvariable") = "value"
Response.Redirect("Login.aspx",true)
end if
   
v3
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class NoDirectAccessAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.HttpContext.Request.UrlReferrer == null ||
 filterContext.HttpContext.Request.Url.Host != filterContext.HttpContext.Request.UrlReferrer.Host)
        {
     filterContext.Result = new RedirectToRouteResult(new
                               RouteValueDictionary(new { controller = "Home", action = "Logout", area = "Main" }));
        }
    }
}



Then add the attribute to the controller.
   
v2
Comments
Richard Deeming 20-Feb-20 9:05am
   
That might be a sensible answer, if the OP was using MVC.

The multiple references to .aspx in the question would suggest that they were using WebForms, where this answer wouldn't work.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900