Within a site, tracking user's previously viewed page

Is there a way to determine what particular page a user came from within a site?

Upon login, users within a role-group will automatically be forwarded to another page. But the login page is labeled "Home". So, if a user navigates back to it, I dont want them automatically being forwarded out again.

What I was thinking is that if a person has just logged in, then they will be forwarded, but if they are already logged into the site, then there would not be a need to forward them. I was thinking page tracking might be the thing. I guess I could set up session variables to track the user, but I just wondered if there was another way. Something already built into ASP.NET.

Any ideas?
Thanks!

Cookies.. I like cookies.. But this is too permanent.

Do a Request.UrlReferrer to get the URL of the page that "called" the page where youre at.

Let's say you have two pages (home.aspx and login.aspx) then from home, you have a link that redirects to login. If you place this code in login.aspx:

Response.Write(Request.URLReferrer)

It will give you "home.aspx"

Sounds like you want to create a "breadcrumb" or track where someone has been while navigating through your website.

If you are using 2.0, you can leverage the SiteMap provider and the SiteMapPath...here is a good overview:

http://aspnet.4guysfromrolla.com/articles/111605-1.aspx

If you are not using 2.0, you will have to create this via your own code and classes, which actually isn't that difficult either.

http://www.codeproject.com/aspnet/Localized_Breadcrumbs.asp

I have written classes like this in older versions of .Net and in 2.0 when I needed more complicated approaches, etc.

I thought the term "breadcrumb" was to show the user where they are (in a site) by having a series of links to backtrack to where they came from. For my example.... If a user within a certain role is forwarded upon login... Then their breadcrumb would show.... "Home > Reports".... But if the user clicked on "Home", the way it's programmed now, they would automatically be forwarded back to "Reports".... How can I determine that they were already at "Reports" and are specifically targeting "Home"?

If reverse-breadcrumb is the technique, then how could I go about implementing that?

I get the feeling, how I have this login "Home" page coded is incorrect. Does anyone have a suggestion of a better way to forward the user within a certain role, but to do it only at login?

OK, how have you developed your Login/security infastructure? Are you using the Membership API for example? Either way I suspect you are using Forms Authentication correct? I also assume you are redirecting after Login to a Default.aspx or some landing area correct?

If so, what you can do is check the current security principal's role definitions. Such as you could use the Page.User.IsInRole() function to deem if they are an admin, some other role level, etc. Based on your findings from IsInRole, you can do a Server.Transfer or another Response.Redirect to another page, or maybe pass Context parameters, or use a query string to signal another page it needs to do something different for this user, etc.

This (http://search.msdn.microsoft.com/search/Default.aspx?query=web+security&brand=msdn&locale=en-us&refinement=00&lang=en-us)link helped me a lot on this topic.

I'm sorry about the confusion... This is the code I'm using...


If Context.User.IsInRole("Reporters") Then
Response.Redirect("~/reports/")
End If


MKoslof, this is exactly what you suggested, therefore, I guess I'm not coding the page forward incorrectly. The entire page_load code is....


Protected Sub Page_Load(..., ...)
If Context.User.Identity.IsAuthenticated Then
If Context.User.IsInRole("Reporters") Then
Response.Redirect("~/reports/")
End If
End If
End Sub


BUT, the delimma is that when the user goes back to this page, the "Home" page.... This routine will execute and kick the user back to the reports page. So, I'll need to throw in a catch of some kind, that will signal this code to NOT execute if the user came from the reports page.

Again, sorry for this run-around. MKoslof, I am sure you know that when someone asks for help, it's hard to imagine themself in someone's shoes, trying to understand what the problem is... (in other words, it's difficult to know what information is required in order to present the question)

I truely hope I have clarified the question now. :)

OK, I understand now. Let me go back to how you are authenticating? Are you using the ASP.net login controls? Why not, within the events provided by the Login Control, do your initial routing there? :).

For example, the Login Control provides a LoggedIn event or something of the like, these are events fired after the user is authenticated. So you run your code within this event. Then when the user navigates back to the home page, you don't have this response redirect code, since this "initial" redirect was handled within the actual login events which only occur during authentication.

You should be able to resolve the Principal IsInRole() properties as soon as the user is authenticated, or within the provided events.

MKoslof, you are the best!

We are on a really warm trail now... BUT, sadly this has not worked yet.

I have implemented both, Login_LoggingIn and Login_LoggedIn. In both cases the user isn't authenticated yet. It isn't until it hits the "Page_Load" routine that the user has become authenticated. So, I just need to catch the moment when it becomes authenticated and forward the user from that point. I'll jump into some research with this. Hit me back if you have any more thoughts. Hopefully I'll post my results soon. :)

Thanks for pointing me into the right direction! :)

Yes, last night after I posted that I had a few "potential concerns". One, I know I have done something similiar before, but I wasn't trying to redirect afterwards, after they had logged in I was incrementing a profile based counter or doing something in relation to who they were. I believe either way the default redirect page, or the standard default.aspx is where the login controls are going to take you - - so when you try to trap the login events and say "no we need to go here" you might get some unexpected behavior.

Regarding not being authenticated within the LoggedIn event, I don't think that is the case. The LoggedIn event is raised after the user is authenticated . The LoggingIn event is raised before authentication. There might be some cross up when attempting to use the Context at this point in time (referencing IsAuthenticated within the LoggedIn event).

If you use the LoggedIn event use this code does it return false?


Page.User.Identity.IsAuthenticated

MKoslof,
Thanks for your help with this.

What you are saying makes sense. LoggingIn before authentication, and LoggedIn after authentication.
But, yes... In the routine, LoggedIn...


Page.User.Identity.IsAuthenticated


Returns False. :(

OK, yes, this is actually going to be how it works. To be "authenticated" you need an extra roundtrip to the client to set the authentication ticket (cookies). This is why you see that behavior. So on the new page load you will get Authenticated = true.

After the login control correctly validates the user, it will call
FormsAuthentication.GetRedirectUrl to get the url which it will redirect the user toward later.

On the LoggedIn event could you pass a specific query string parameter or something of the like?


Response.Redirect(ResolveUrl("~/default.aspx?firstRun='hello'"));


Then in the page load event, read the query string which will tell you if you need to do any 'first run' activity? That or you may have to use session variables and after first run, set the value to false so you never do it again, etc

Thanks very much for everything! I have a much better understanding of how login events work. I have implemented...


Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
If Context.User.Identity.IsAuthenticated Then
If Not IsNothing(Session.Item("JustLoggedIn")) Then
If Convert.ToBoolean(Session.Item("JustLoggedIn")) Then
If Context.User.IsInRole("Reporters") Then
Session.Remove("JustLoggedIn")
Response.Redirect("~/reports/")
End If
End If
End If
End If
End Sub

Protected Sub Login1_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs)
Session.Add("JustLoggedIn", True)
End Sub


This works beautifully... Thanks again for working with me on this! :)