C# Tutorials and offshore development in India
    Tutorials   Resources   Forum   Reviews   Communities   Interview   Jobs   Projects   Training   Your Ad Here    
Silverlight Games | Mentor | Code Converter | Articles | Code Factory | Computer Jokes | Members | Peer Appraisal | IT Companies | Bookmarks | Polls | Revenue Sharing | Lobby | Gift Shop |


Prizes & Awards
My Profile



Active Members
TodayLast 7 Days more...




Resources » Articles » ASP.NET/Web Applications »

URL rewriting When FormsAuthentication enabled


Posted Date: 07 Mar 2005    Resource Type: Articles    Category: ASP.NET/Web Applications
Author: subhankarMember Level: Bronze    
Rating: 1 out of 5Points: 10



URL rewriting

URL rewrite is the process of intercepting an incoming Web request and redirecting the
request to a different resource. When performing URL rewriting, typically the URL being requested is checked and,
based on its value, the request is redirected to a different URL.

For example, in the case where the web site support multiple URL (customized) and in turn ultimately transfer to
a specific Page to process the request.OR maybe you have a bunch of Web pages that were moved from one directory or
website to another, resulting in broken links for visitors who have bookmarked the old URLs.

Forms Authentication



Form authentication is the process of authenticating and persisting the user info in a form field or cookie for
further access to the application. ASP.NET provides FormAuthetication modules to do the process and create ticket
for the authenticated user. The module also provides static method to create cookie and redirecting the user to the
requested page.

The articles tell,how to do the URL rewrite when you are using form authentication module supported by
ASP.NET.



With classic ASP, the only way to utilize URL rewriting was to write an ISAPI filter
or to buy a third-party product that offered URL rewriting capabilities. With Microsoft® ASP.NET, however, you can easily create your own URL rewriting software in a number ways.

Before we go into details of code lets first have a brief look into the "What Happens When a Request Enters the ASP.NET Engine

So when a request comes in for a Web page named EmployeeInfo.aspx, IIS routes the message to the aspnet_isapi.dll ISAPI extension. The aspnet_isapi.dll ISAPI extension then hands off processing to the managed ASP.NET worker process, which processes the request, returning the ASP.NET Web page's rendered HTML.



So during the lifetime of a request the ASP.NET engine fires series of events signaling its change from one state of processing to another. This events delegates the request to various handlers defined the Httpmodule



For example,
BeginRequest event is fired when the ASP.NET engine first responds to a request. The AuthenticateRequest event fires next, which occurs when the identity of the user has been established. (There are numerous other events—AuthorizeRequest, ResolveRequestCache, and EndRequest, among others. These events are events of
the System.Web.HttpApplication class.

So for URL rewriting the first choice comes is to do the rewriting in the handler of the BeginRequest event. But again implementing URL rewrite in the BeginRequest has a flaw is that every a request comes the request will be rewritten again even though it is a respond to a button click of the actual URL. Although you can implement your own logic to avoid this rewrite like check for the query string and do the rewrite based on the query string values but again it involves complexity in case of Forms authentication enabled.



What happen when Forms Authentication is enabled?



By default ASP.NET provides the various Httpmodules to do the authentication and authorization which are defined in the machine.config file. You can write your own custom module by including the following tags in config file.

<httpModules>
<add type="type" name="name" />
</httpModules>



When web.config file has value Forms authentication then the event
AutheticateRequest will be fired after the BeginRequest
and it will call the handler Application_FormAuthetication written in the module
System.Web.Security.FormsAuthenticationModule.
This class provides various static method to do the processing like creating authentication cookie redirecting to the requested URL.So whenever a request comes to an application where Forms authentication is enabled the requests goes into http modules and tries to find out the authenticated ticket if the user who has requested the page does not have authenticated ticket then it changes the requested URL into a login URL defined in the config file.



So when you are doing URL rewriting the first choice will not be the Begin request handler as for the first time the request comes the request will be rewritten and FormAuthetication will not get the valid ticket it will then change the requested URL.



Where is the Best place to do URL rewrite when FormAuthentication enabled?



Logically the way to do the URL rewriting in case of Form Authentication is to rewrite the path after the Forms authentication process the request. The ideal way is to rewrite the path when Authorize request event is fired.

So you can include a separate http module for authorize request and write the handler to rewrite the path or you can include the handler in the global.asax file.



Public abstract class ModuleRewriter:IHttpModule

{ 
public 
virtual void Init(HttpApplication app) 
{
 
app.AuthorizeRequest += new EventHandler(this.
ModuleRewriter_AuthorizeRequest); 
}


protected 
virtual void BaseModuleRewriter_AuthorizeRequest( object 
sender, EventArgs e)
{
 HttpApplication app 
= (HttpApplication) sender; 
 Rewrite(app.Request
.Path, app); 
} 
protected abstract void Rewrite
(string requestedPath, HttpApplication app);
}

The Rewrite method :

protected override void Rewrite(string requestedPath, 
System.Web.HttpApplication app)
{ 
if(!app.
IsAuthenticated) 
    {

       //Put your logic 

for rewriting the path.
      
Context.RewritePath("~/LoginPage.aspx?ReturnUrl=~/
DefaultPage.aspx")
    }
}


The rewrite method checks for the IsAuthenticated flag of the request in order to by pass the rewrite path once the request has been authenticated in the login page.The check of IsAuthenticated is important in case you use “FormAuthentication. ReditrectFormLoginPage” to transfer the request back to the original page after the rewrite appens. If you are not checking the flag then the request will again goes through the module and rewrite the path to process the
request.In the return URL you can specify the actual page name to be transferred once the user has successfully authenticated through the login page.Form authentication uses
the ReturnUrl parameter and redirects the user to the page.

So in the Login page will have :

Login.aspx 




private void btnLogin_Click(object sender, System.EventArgs e)

{

  if(IsAuthenticated(txtLoginName,txtPassword))

  { 
    // Transfer the request back to the requested page.

    

FormsAuthentication.RedirectFromLoginPage(strLoginName,false);

  }
else
 {

  // shows the error message to the user 

   lblError.txt = “User credentials are 
not valid”;
 }
}


Responses

No responses found. Be the first to respond and make money from revenue sharing program.

Feedbacks      
Popular Tags   What are tags ?   Search Tags  
Sign In to add tags.
(No tags found.)

Post Feedback


This is a strictly moderated forum. Only approved messages will appear in the site. Please use 'Spell Check' in Google toolbar before you submit.
You must Sign In to post a response.
Next Resource: Save The Image Into SQL Server 2000 Database
Previous Resource: Web-based Path Tracking Control: An ASP.NET Implementation
Return to Discussion Resource Index
Post New Resource
Category: ASP.NET/Web Applications


Post resources and earn money! 		 
More Resources


dotNet Slackers

About Us    Contact Us    Privacy Policy    Terms Of Use