URL Redirection

I'd suggest reading this article. The code is in the marketplace for download. We've done some customization to it though to allow for https/http and passing the URL parameters through.

Brenden, I did see that article before posing the question here. A key think is that I am looking for a way to redirect a user who is authenticated and limit their use of the site.

From looking through various docs, I think I should implement a Customer Handler for the RequestEvents.PostAuthorize - in the handler I check if the user is athenticated and if they need to be redirected (ie. if they are on the right page they should not be redirected - infinite loop).

Ok so when do you force them to this page? Only on authentication?

Secondly, are the users doing any editing on the site or just users on the site who have roles assigned to them to view, for example, account information? Reason I ask is Kentico already has a "starting url/path" for content editors.

It's to force live site users to go through sign-up wizards depending on their user type. So, they do not have access to the backend, and it's not really a permanent starting url / path. The idea is they can only use the Wizard until they go through the whole thing.

I've written block in the RequestEvents.PostAuthorize event and it appears to work - I just need to see what happens to other elements that may be linked (ie. what if media library images are linked to the wizards). For the initial page it does appear to work.

I think you're looking too deep into this. Simply use the SecurityEvents.Authenticate.Execute global event. When the user is authenticating, do a look up and see if they have a value in the field, if not, redirect them. If you can't do it in a global event, then clone the custom logon form and do it there.

Brenden,

I hear what you are saying, but doing this on authentication will only redirect them at that time. Nothing to stop the user once they are redirected to visit another page by manually typing the URL. By doing it in the RequestEvents.PostAuthorize it will be triggered on each page and hence if they have typed in a different url they will be sent back to the Wizard.

It's an odd requirement in that anonymous users have basic access to the site, whilst members have more detailed info - this is controlled using Roles in the web parts to display the additional info. Visitors need to be able to sign-up automatically but need to complete the wizard hence why the idea is to restrict them from visiting any page until the wizard is complete.

I think I am on the right track given the requirements above. Just not sure I'm using the right Request event - perhaps the RequestEvents.Authenticate is a better place?

I agree with Brenden on adding a webpart to the master page that handles redirecting the user, this is similar to how the Group Security Access web part works if you want an example to look at.

Just to update, the Web Part is the right way to go since the code will only be executed once for each page request (using the RequestEvents.PostAuthorize could cause issues for other elements on the page - ie. if you try to display a media library image on a wizard page).