Codesnip: Redirecting a User to a Specific Page with Forms Authentication
page 1 of 1
Published: 08 Jun 2005
Unedited - Community Contributed
In most cases, when using Forms Authentication, redirecting a user to their originally requested page, or default.aspx, is the desired action. However, there may be times where you want to redirect a user to a specific page based on role membership, or to enforce a password change, or for some other reason. This codesnip will show you how to do so.
by Richard Dudley
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 23590/ 14


When using Forms Authentication, redirecting the user to default.aspx after login is usually good enough. In some cases, we may want to redirect the user to a page other than default.aspx. Such cases may include redirecting the user to a page based on role membership, or to force a password change after an initial login. Fortunately, versions 1.1 and 2.0 of the .NET Framework have built-in functionality for doing this.

The standard method to call after a successful Forms Authentication login is RedirectFromLoginPage(). This method creates the Forms Authentication Ticket, adds the encrypted cookie to the Response object, and redirects the user. If the user had originally requested another page, the redirection will be to that page; otherwise it will be to default.aspx. When using ASP.NET 1.1, you can instead redirect the user to a specific page with the following code:

Listing 1: SetAuthCookie

'Validate User Login Information first
'If the user login information is valid

The second parameter of the SetAuthCookie method specifies whether or not the cookie should be persistent. You would set this parameter to true so that users don’t have to log in with each visit. SetAuthCookie creates a basic FormsAuthenticationTicket for the supplied username, and adds the ticket to the cookies collection of the Response object. Read more about SetAuthCookie method on MSDN.

If you need to add custom user data to the ticket, do not use the SetAuthCookie method. Instead, you’ll need to create a custom FormsAuthenticationTicket, add the ticket to the cookies collection of the Response object, and then call the Response.Redirect method.

The code shown in Listing 1 will also work in ASP.NET 2.0, which is very useful as it allows you to redirect users on a conditional basis. A new Forms Authentication property has been introduced in version 2.0 of the Framework, which will set the default redirect page. In the Web.config file, you can specify a defaultUrl property as shown below:

Listing 2: defaultUrl in Web.config

<authentication mode="Forms">   
    <forms loginUrl="member_login.aspx" defaultUrl="index.aspx" />

When called in ASP.NET 2.0, the RedirectFromLoginPage() method will now redirect the user to the page specified in the defaultUrl property (or default.aspx if no defaultUrl is specified), if the user had not initially requested another page. You still have the option of using the code in Listing 1 to redirect special cases as well. Read more about the defaultUrl property on MSDN.

Please note that this code was written for the Beta 2 version of the 2.0 Framework, and there may be changes in the production version of the Framework.

User Comments

Title: Curious   
Name: Frank C.
Date: 2009-10-29 5:40:41 PM
I may not be adequately knowledgeable in ASP (new to Windows environments) I appreciate the information provided on this post regarding the SetAuthCookie() method. Just wondering if there is a similar object method in classic ASP (that is, in VBscript).

I would like to use such a method in the achg.asp script of the IISADMPWD package, which I have employed for changing expired passwords in a web app site other than Exchange/OWA environment.

Thank you for the post; it has given me something to think about.
Title: Thanks   
Name: Stephanie
Date: 2008-11-29 3:01:33 PM
Thanks so much. This is a big help!
Title: Ms   
Name: Patricia Marchand
Date: 2007-08-05 4:51:40 AM
I am new to asp.
I am really a Visual Basic (versions 3 to 6) programmer.

I am encountering serious problems because there seem to be no reference manuals to tell me what to use such as the 'redirect'
If you of any manual which does not go around the world and just give you straight answer please let me know!

Your site is great for people like me, it is helping me.
Thank you.

Title: Just want to know   
Name: Chandrakant
Date: 2007-06-29 2:21:44 PM
Hello its unclear to me. suppose if i have four pages in my site and i want to go from page 1 to page 4 i have a button on page 1. but page 4 is accessible only to specific user. Now i authenticate the user for page 1. but when user clicks the button on page 1 to go to page four how do i authenctiacte him??
what i am trying to say is how do i authenticate a user foe every page.
First time i request page 1 i am send to login and my credentials are matched ad i am send to page 1. Now from page 1 i need to go to page 4 but i am not authorized for page 4 but i am already authenticated for page 1. So h9ow do i go to page 4??
Title: Just what I needed   
Name: Ola
Date: 2006-03-01 7:05:06 AM
Thanks for the post. It saved me a lot of time.
Title: Problem with 2.0 Framework   
Name: Richard Dudley
Date: 2006-01-13 9:09:22 AM
I'm not sure you can use VS .NET 2002 with the 2.0 framework. I think you need to use VS 2005 for that.
Title: problem with framework 2.0   
Name: MK
Date: 2006-01-13 3:34:52 AM
Yes, I had used the defaultUrl property of the Forms Authentication method using Framework 2.0 Beta version. But, when I installed the framework 2.0, the same is not working. In the error message it shows wrong attribute "defaultUrl" and says it is using framework 1.0

I am using Visual Studio.Net 2002
Title: thanks   
Name: madhav
Date: 2005-12-31 4:20:15 AM
hi! I just wanted to learn exactly how you redirect to a page of your choice from a login page........most websites do talk about forms authentication but never talk about this important feature.
Title: Thanks for the help   
Name: Bob C.
Date: 2005-09-05 3:46:59 PM
Can't wait to get ASP2.0 going. Seems much improved...
Title: Found an alternative...   
Name: Praveen.K.Prasad
Date: 2005-08-22 1:30:33 AM
I hav not tested it...
But I'm in need of such a thing

I did it just by


Thanx for the snip

Product Spotlight
Product Spotlight 

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024  |  Page Processed at 2024-04-14 1:06:27 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search