I have a validation (authentication) problem within my ASP.NET application - I use FormsAuthentication with cookies enabled, however because of security reasons I am forced to ALSO use another, external source of authorization (which basing on username/password combination gives user "sessionID")
Application works fine when user logs in using his username/password credentials (thus, obtains sessionID). However, because of the cookies enabled, login page can be 'skipped' (user is redirected to default.aspx) and he wont obtain proper sessionID.
My question is whether there exists a possibility to check if user
a) came from login page (thus, has been redirected to default.aspx)
OR
b) formsAuthentication was performed basing on cookie data, not on username/password
Yes you can check what page a user came from using "request.UrlReferrer.ToString" and compare it to your login page URL.