I have an onboarding page like this www.abc.com/ welcome. On continuing users land on /set-profile image page.
There is a Submit on this page.
When users click on Submit button, if the user has come from /welcome, I want users to go to the configuration page, else I want users to go to /home.
The issue I am facing is, I tried both window.location and use history but I can't figure out how to find the "from" location.
What I am doing wrong?
You can't access the browser history from JS (that would be a security issue).
What you can do is add a query string to your /set-profile route (such as ?returnTo=/welcome) and use it for the redirection.
Related
I'm using the Blazor Server templates included with Visual Studio 2019.
In the template application that uses local authentication, When I view the page without being authenticated, the AuthorizeView tags work as expected, and the log in/out buttons on the navbar are displayed dynamically based on these tags. I am able to view the counter and weather forecast pages as a guest.
In the template application that uses Azure AD authentication, whenever I try and view a page without being authenticated, I'm redirected to the Microsoft login prompt. I'm still able to use the AuthorizeView tags to dynamically display components in the navbar, but what I want to be able to do is view the counter and weather forecast pages as a guest without getting redirected.
Is there any way to achieve this? Am I maybe missing something in App.razor?
Edit:
If I log out using the navbar link, and then navigate back with my browser, I can view the pages without authorization. But then when I refresh the page, I get sent back to https://login.microsoftonline.com/. What could be causing this? I want to view an unauthorized home page without getting redirected.
The behaviour you see is by design.
To change it you can make this change inside Startup.Configure :
services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
//options.Filters.Add(new AuthorizeFilter(policy));
});
(and of course reduce this code to just services.AddControllersWithViews(); when you want to keep it this way.)
With this change you will have to block private pages with #attribute [Authorize] or with <AuthorizeView> and there is no automatic redirect to the login page.
can anyone tell me how to prevent secure link navigation using app.component for. Eg:- when user hit url like this http:// localhost:8888/#/login he get login screen (login HTML) after that user press login button screen navigate to user screen but when user manual ly hit link like http:// localhost:8888/#/user, screen which user get is still same login but problem is that it call all user.ts file which I want to prevent if user not login not I m trying to achieve this through app
You can use ionic's lifecycle functions like ionViewCanEnter to perform security check and prevent unauthorised navigation - Source
Something like this in you User page:
ionViewCanEnter() {
return this.authService.authenticated();
}
I have logout button on my site, When clicked their authentication is removed and they are sent back to the home page.
I was using
browserHistory.push({ pathname: '/home' });
but I noticed that if I would hit the "back" button after being logged out they would sort of go back to the previous logged in page(they would see nothing as they have no authentication).
I would like to remove the history so they can't go back.
So I tried
browserHistory.replace({ pathname: '/home' });
this also did not work.
As far as I know, it's not possible.
I'd recommend you to check user auth on pages that require users to be authenticated and redirect them to the login page using browserHistory.replace. So if the user clicks back after logout the will see login page again.
Hi It's great to see your progress while implementing optimized authentication in your app. You need to make sure that your history stack is maintained properly. I think you have always used history.push even going back. This is going to make a trouble. Try to use goBack(), go(n) for programmatically and for browser back button use replace, push where needed. You history stack should be aligned with browser back button.
There are 2 web applications, ours and the other team. The other team's web app is http://otherteam.com and our application is http://myteam.com
On http://otherteam.com webpage, they have an href link pointing to our page which is http://myteam.com/config?lang=en. When our web application(actually Marionette AppRouter's task) receives that kind of route or path, it will parse it and set the language configuration and then we have a code to redirect the user to the final webpage which is http://myteam.com/landingpage
The code that we are using is
Backbone.history.navigate('landingpage', {replace: true});
to redirect the user to the final destination.
Unfortunately, when user clicks Back button of the browser, it doesn't go back to http://otherteam.com. It will go back to http://myteam.com/config?lang=en which is still our own application. What happens is that the Marionette app router will parse it again similar to how I described it above. The user will just be brought back to http://myteam.com/landingpage
So I changed
// Backbone.history.navigate('landingpage', {replace: true})
and now I'm using
history.replaceState({}, '', 'landingpage');
When I click Back button, the url on the top bar beocmes http://myteam.com/config?lang=en, but it doesn't reload our landingpage anymore which is good. However, nothing happens to the page until I click Back button again. After making the second click on the Back button, I'm back to http://otherteam.com which is great but I had to click the Back button twice.
The problem is you are redirecting the user from the /config?lang=en to another page, so when you click back, they land on the previous page and are then redirected back to the landing page again.
The simplest solution here would be for otherteam.com to link to your landing page and pass the params to be consumed there - http://myteam.com/landingpage?lang=en. Redirecting the user multiple time is never a good idea, and almost always unnecessary.
Once you have received the lang config param, it could be an idea to save it to local storage so it can be retrieved wherever it is needed throughout your app.
I currently have a form where you put in two variables and on submit it redirects to a url like this:
http://example.com/deal_user_coupons/check_qr/$var1/4var2
but when logged in as admin it goes to:
http://example.com/albuquerque/admin/deal_user_coupons/check_qr/$var1/$var2
Which makes it show a 404 page.
I was wondering how to get rid of the admin directory slash. I tried looking in the documentation and at a few acl tutorials but nothing came close.
You can redirect form on the exact page you need using url option.
$this->Form->create('Shutk',array('url'=>array('controller'=>'my_controller',
'action'=>'my_action',
'admin'=>false)
)
);
don't forget to use in url array. this will remove admin prefix from action attribute of the form.
'admin'=>false