I have page where are secured by session. In case session does exists, then navigate to login page. This works fine.
Now, Let's say I am at some page like abc.aspx. Session does not exists. System navigates to th login page. So, once login, can i navigate the user to the page which was originally requested ?
Usually it is performed by adding the requested URL as a query parameter to Login page URL http://fakehost/Login?retUrl=originalpage
so app code can redirect it back. Forms authentication mechanism does it for you.
yes you can however it would be recommended to add a ReturnUrl querystring which contains the page they came from or need to go to after they logged in. you can also use Request.UrlReferrer I believe which gives you the page they came from but means if for example they came from google to your site to login and you redirect, it would go back to google.
Related
In Grails 2.5.1 application i'm using Spring security core plugin 2.0-RC5 , i would like to return back to the requested URL, for instance to access page payOnline you need to be logged in first so i redirect to the login page after the successful login i want to go to payOnline.
How this could be achieved?
To access page payOnline you need to be logged in first so i redirect to the login page after the successful login i want to go to payOnline.
1. Go to Requested page :
By default spring security stores the request url you want to access before you are redirected to the login page. After you logged in successfully you are then redirected to the page you wanted.
E.g.
User trying to access `/payOnline`
If user is not logged in redirect user to `login` page
user successfully logged in redirect to `/payOnline`
What you are asking is the default behavior of spring security core plugin.
If its not working as expected then please check if you have successHandler.alwaysUseDefault config property present in your config.groovy. If yes then remove it.
2 . Got to specific page always :
If you want to go to specific page always after login then you you can specify the controller action to which you want to go in UrlMappings.groovy pretty easily.
Just specify the controller and action to which you want to got after login like below
Lets suppose Provision Controller and payOnline action.
"/"(controller: "provision", action: "payOnline")
This will redirect all the successful login users to payOnline page.
Reference :
http://docs.grails.org/2.5.1/guide/theWebLayer.html#urlmappings
I have a page with public access, role based authentication, on it. Now when I surf to this page I see my login page, but the url is still the one of the protected page.
Why is this? Can we change this so it redirects normal to the login page?
The built in behaviour of Umbraco is to keep the protected URL in the browser and then display the login page on it. As far as I know, you can't change this behaviour out of the box, but if it bothers you, you can add a check to your login view to check of the request URL matches the URL of the login node (it shouldn't do in in your case), and do a redirect to the actual login page if they're different.
I believe this is done so that it doesn't have to redirect you once you've logged in, as you're still on the URL that you originally requested.
I'm developing a mobile application using MVC 4. And I'm securing it. The application has 2 pages ("home" and "Clientes")
When the application starts it asks me for a username and password, with this being its URL http://localhost:59170/Account/Login?ReturnUrl=%2f.
I login and go to the home page. This is the url I can see on IE http://localhost:59170/Account/Login?ReturnUrl=%2f.
From this page I go to the Clientes page. This is the url that I can see on IE http://localhost:59170/Account/Login?ReturnUrl=%2f#/Clientes. At the moment all works ok (Though url like something stranger).
The problem occurs when I press the back button on IE. It must go to the home page but I go to http://localhost:59170/Account/Login?ReturnUrl=%2f#/Account/Login?ReturnUrl=%2f where it asks me to login.
What might cause this behaviour and how do I solve it?
Each time you request a page that requires authentication, .NET will redirect you to your designated login page and append the requested URL to the URL. That way, once the user has logged in successfully it will redirect them to the page they requested automatically. In your first URL for example the return URL encoded representation of / i.e. the root/ homepage of your site
It will keep redirecting you until you have authenticated. If you don't want to have authentication on your homepage then just annotate your account controller with [Authorize] and not your home controller
Integrating WIF into regular ASP.NET 4.0 website.
I have STS setup and when I navigate to my RP website, it redirects me to STS Login page.
What I want to do is I have Home.aspx in my RP. It is a public page open to everyone. It has have a Login link. When the I click that link it takes me to the STS login page and upon logout I get redirected to Home.aspx again.
Issue:
I have set in RP's web.config to allow access to everyone to Home.aspx and Set up as the startup page. I also have it setup as Default document. But when I navigate to my site, it takes me to STS Login page.
Why doesn't it take me to home.aspx?
If I manually modify the url to go to home.aspx, it is allowing me.
Any ideas?
Update:
Found this: http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/71806907-393f-4782-9c30-971be94a2b62/
But that's really a weird workaround.
The link shows how to unprotect a page i.e. a page that can be accessed without a redirect to ADFS.
You could simply put a link on that page that goes to the ADFS login page.
When i Copy my url after logging into another browser it displays the same page instead of login page .This happens even after i close my page
Modify your session handling. The session ID should not show up in the URL (or at least not be used alone for authorization of the request).