R – Asp.Net Forms Authentication browsing to Login page again after a successful Login

asp.netasp.net-2.0asp.net-membership

I have my forms authentication system working.

I found an odd behavior such that after successful Login; I was asked to Login again, if I browse to Login page from default page.

I was assuming that it should redirect me to default page since I am already authenticated.

Here's Web.config element I used:

<authentication mode="Forms">
 <forms loginUrl="login.aspx" defaultUrl="default.aspx" />            
</authentication>
<authorization> 
 <deny users="?"/>
</authorization>

Best Answer

This is the normal behavior. The login page is a regular ASP.NET webform. It will display whatever is in it.

You could add code to the Form_Load event of the login page to check if the user is already authenticated. Then, you could redirect them to the default by calling the FormsAuthentication.RedirectFromLoginPage method if that's what you are after.

Related Solutions

Redirect user to Mulitple Login Pages using ASP.NET Membership

You need to use the <location> element in your web.config. You can use the <location> tag to apply authorization settings to an individual file or directory.

<location path="/root">
  <system.web>
      <authentication mode="Forms" >
        <forms name="LoginForm" defaultUrl="default.aspx" 
        loginUrl="/root/login.aspx" protection="Encryption" 
        timeout="30" path="/"/>
      </authentication>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>
<location path="/root/admin">
  <system.web>
    <authentication mode="Forms" >
      <forms name="formName" defaultUrl="login.aspx" 
      loginUrl="/root/admin/login.aspx" protection="Encryption"
      timeout="30" path="/"/>
    </authentication>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>

MSDN

For centralized administration, settings can be applied in the Machine.config file. The settings in the Machine.config file define machine-wide policy and can also be used to apply application-specific configuration using <location> elements. Developers can provide application-configuration files to override aspects of machine policy. For ASP.NET Web applications, a Web.config file is located in the application's virtual root directory and optionally in subdirectories beneath the virtual root.

If you would like 1 login location and different access levels you might want to use roles.

<location path="/root">
  <system.web>
    <authorization>
       <allow roles="admin,root" />/*admin, root is allowed */
       <deny users="*" /> 
   </authorization>
  <system.web>
</location>  

<location path="/root/admin">
  <system.web>
    <authorization>
       <allow roles="admin" />/*admin is allowed */
       <deny users="*" /> 
   </authorization>
  <system.web>
</location>

Users can belong to more than one role. For example, if your site is a discussion forum, some users might be in the role of both Members and Moderators. You might define each role to have different privileges on the site, and a user who is in both roles would then have both sets of privileges.

You can access all these element at the code level if you would like to manipulate the roles/authentication programmatically

Page.User.Identity.Name
Page.User.Identity.IsAuthenticated
Page.User.Identity.AuthenticationType
Page.User.IsInRole("string");

Tutorials

4 Guys From Rolla Tutorial

The ASP.NET web.config File Demystified

C# – How to check if user is logged in or not in forms based authentication

    if(HttpContext.Current.User.Identity.IsAuthenticated)
    {

    //Redirect to Default page
    Response.Redirect("default.aspx");
    }

Best Answer

Related Solutions

Redirect user to Mulitple Login Pages using ASP.NET Membership

C# – How to check if user is logged in or not in forms based authentication

Related Topic