Saturday, March 24, 2012

web.config security question

Hello,

I've got my web.config with a few usernames and passwords and I've also got a login page that checks against these values - it either redirects to success.aspx if the user is found or just says "username or password not found" - Really basic set up.

What I want to know/can't figure out is how to prevent the user just typing in the url of the page I want to protect. A cookie is set when the user is authenticated and presumably I need to check for that cookie on any page I want to protect.

In asp I had a bit of script on every page that checked if the cookie existed and what its value was and either allowed access or redirected back to a login page.

How do I do this in asp.net?? Do I have to check for the cookie on every page I want to protect or is there an easier way?

Thanks.

Hello,

if you have used "Forms Authentication" in the common way you can check the permission to access the appropriate page in the PageLoad event with the following code:

' Only authenticated users may see this page
If User.Identity.IsAuthenticated Then
    ' HTML-encode the user name before writing it into the page markup
    displayCredentials.InnerHtml = "Current User :" & Server.HtmlEncode(User.Identity.Name) & "<br><br>Authentication Used :" & User.Identity.AuthenticationType
Else
    ' Back to Logon-Page
    Response.Redirect("Login.aspx")
End If

You can find a set of classes which encapsulate the user administration along with the appropriate source code at the following link:
Role-based authentification in C#

HTH,
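
The "easier way" asked about in the question, as an added example that is not part of the original posts: ASP.NET can enforce the login for every page from web.config, so no per-page cookie check is needed. The user name, the password hash placeholder and the `Public` folder are assumptions made for illustration.

```xml
<configuration>
  <system.web>
    <!-- Forms authentication: a request without a valid auth cookie
         is redirected to loginUrl instead of reaching the page. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" defaultUrl="success.aspx"
             protection="All" requireSSL="true"
             timeout="30" slidingExpiration="false">
        <!-- Accounts kept in web.config, as in the question.
             Weak setting: passwordFormat="Clear" leaves plaintext
             passwords on disk. Store hashes instead.
             Name and hash below are constructed placeholders. -->
        <credentials passwordFormat="SHA1">
          <user name="exampleuser" password="PLACEHOLDER_SHA1_HEX_OF_PASSWORD" />
        </credentials>
      </forms>
    </authentication>

    <!-- Weak default: with no authorization section every page is
         served to anyone who types its URL (allow users="*").
         Corrected: "?" means anonymous, so this denies every
         unauthenticated request site-wide. The login page itself
         stays reachable. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Hypothetical folder that should stay open to anonymous visitors. -->
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

These rules only apply to requests that ASP.NET handles; under the IIS classic pipeline, static files such as images or .html pages are served without this check unless they are mapped to ASP.NET.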
