c# - Forms Authentication: How to handle unauthorized authenticated user -

-

i trying setup basic forms authentication example.

it correctly redirecting unauthenticated users login page , on submit verifying credentials , if correct calling:

formsauthentication.redirectfromloginpage(username.text, false);

if user 1 named in authorization section page. if not bounces them login page no error.

how can redirect correctly authenticated unauthorized users specific error page or detect authorization error display error message on login page bounce back?

here web.config

   <authentication mode="forms">       <forms name=".aspxauth" loginurl="/forms/login" />     </authentication>     <authorization>       <deny users="?" />       <allow users="username1, username2" />       <deny users="*" />     </authorization>

update:

based on answers / comments / research i've got 2 working solutions.

  1. put following in page_load method of login form:

        if (request.isauthenticated && !string.isnullorempty(request.querystring["returnurl"]))     {         // unauthorized, authenticated request...          response.redirect("failedauthorization.aspx");     }

or

  1. put following in global.aspx file:

    protected void application_endrequest(object sender, eventargs e) {     if (response.statuscode == 401)     {         //use built in 403 forbidden response         response.statuscode = 403;          //or redirect custom page         //response.redirect("failedauthorization.aspx");     } }  protected void application_authenticaterequest(object sender, eventargs e) {     if (request.isauthenticated)     {         // requires asp.net >= 4.5         response.suppressformsauthenticationredirect = true;     } }

thank this!

unfortunately, 1 of things asp.net continually gets wrong. though ms , .net framework team full understand difference between authentication , authorization, still insist on treating unauthorized unauthenticated. don't know why is.

this quirk of formsauthentication module handler, in returns 401 unauthorized instead of 403 forbidden. (it doesn't http standard confuses authentication authorization in manner).

this not can override, recourse checking in login page see if logged in, , if redirected... it's not foolproof, it's 1 way handle it.

you don't version of .net you're using, if using .net 4.5 have option, use suppressformsauthenticationredirect option in article:

forms authentication: disable redirect login page


Comments

Post a Comment

Popular posts from this blog

node.js - Mongoose: Cast to ObjectId failed for value on newly created object after setting the value -

-
this question has answer here: what's mongoose error cast objectid failed value xxx @ path “_id”? 7 answers even though has been asked many times because entity has no valid objectid field. i came across situation objectid set value can casted objectid still error. the schema: var serviceschema = parammongoose.schema({ servicename:{ type: parammongoose.schema.types.objectid , ref: 'servicenames',required:true } }); pseudo code: servicefromdb=new service({servicename:'some name'}); servicefromdb.servicename='000000000000000000000001'; servicefromdb.save(function(paramerror,paramdata){ if(paramerror){ console.log('but but...',servicefromdb,paramerror) } }); the output of code is: but but... { servicename: 000000000000000000000001, _id: 55079a90286f49280364f78b } { [casterror: cast objectid faile...
Read more

[C++][SFML 2.2] Strange Performance Issues - Moving Mouse Lowers CPU Usage -

-
i've been working on making 2d map editor past 2 weeks or so, , i've run strange problem. trying optimize code, example, making functions should've been functions begin with, did made cpu usage go through roof. i've tried commenting out different sections of code thought culprits (scrolling, rendering, other calculations) no avail. think issue might trying call things within different functions, sake of making modular possible, i'd functionality. the other major change i've made since file i'm comparing i've ported variables external cpp file, since having variables global makes lot easier use within different functions. simple issue, can't life of me understand why happens. with original code, around 2-3% cpu usage. new code, around 20-35%, but, if move mouse around, it'll drop around 6-8%. tl;dr: after trying optimize code using functions, i've somehow killed performance, , found strange quirk moving mouse reduces cpu usage.. /...
Read more

ios - Possible to get UIButton sizeThatFits to work? -

-
i have been using method of resizing uibuttons depreciated, , not robust. , other reasons, want sizethatfits work uibuttons. i've read online, i'm not sure if should work (seems working some, not others, difference maybe between style, i'm using custom). here simple test code recreate issue (i put in viewdidload test, shouldn't matter, , real code part of large project): uibutton *btn = [uibutton buttonwithtype:uibuttontypecustom]; [btn settitle:@"this test long title need word wrap more single line when displayed on tiny ipod in portrait view." forstate:uicontrolstatenormal]; btn.titlelabel.linebreakmode = uilinebreakmodewordwrap; // depreciated - nothing replace it? cgrect r = btn.frame; r.origin.x = 0; r.origin.y = 0; r.size.width = 320; r.size.height = [btn.titlelabel.text sizewithfont:btn.titlelabel.font constrainedtosize:cgsizemake(r.size.width,100000) linebreakmode:btn.titlelabel.linebreakmode].height; // returns approx 86 , changes correctly ...
Read more