Below is the following code I have for properly redirecting a user to an authenticated page
string baseUrl = Request.Url.Scheme + "://" + Request.Url.Authority + Request.ApplicationPath.TrimEnd('/');
UrlBuilder url = new UrlBuilder(baseUrl + returnUrl);
Global.UrlRewriteProvider.ConvertToInternal(url, out page);
if (page != null && page is PageReference)
// make sure EPiServer authenticates the user
EPiServer.Security.PrincipalInfo.CurrentPrincipal = EPiServer.Security.PrincipalInfo.CreatePrincipal(mu.UserName);
PageReference reference = (PageReference)page;
string URL = string.IsNullOrEmpty(XavierPortalConstants.ErrorPage) ? "\\" : XavierPortalConstants.ErrorPage;
URL += "?" + XavierPortalConstants.ErrorCode + "=" + XavierPortalConstants.ErrorCode609;
For the bolded text, is this the best way to initialize the current principal or does anyone see this as any foreseeable issues with this approach? I ask because once logged in, the current user isn't recognized as being authenticated and I need that information on the login page to check if that user has the access to the page that they are getting redirected to. All suggestions welcomed.
Im not sure I understand what your after but
Why don't you just let the user login. In the login page you hook up to the logincontrols loggedin event. There you can perform your user right check and do any custom redirects.
But if you have user click on a link like http://www.yoursite.com/securefolder/cms/util/login.aspx?returnurl=/path/to/page and the user doesn't have access to the page episerver will throw an error and show an error page.
If you google a bit you will find information on how to setup your own custom error pages in episerver.
Thanks. I will take that into consideration.