C# cookie authorization

I use C# authorization using jQuery cookies for my page. I set / encrypt the username and password in the cookie and on my admin page, if I recognize the cookie, then the user will log in. If not, it is redirected to the login page. The problem is that the cookie is read after the page loads, so I can manually click on the admin page, and only after a couple of seconds it will be redirected. How do I prevent an admin page from loading for visitors who do not yet have a cookie? What is the right architecture for cookie authorization?

Note. I do not use ASP.NET roles or user tables. I implemented my own tables for users.

+4
2 answers

I suspect you are reinventing the wheel. You do not need to use the ASP.Net membership scheme and membership scheme to take advantage of forms authentication. When the user logs in, just drop the Auth Ticket (cookie) on him and everything will be ready. Then you can simply do an admin check on the admin page.

Some suggestions below ...

Edit: I originally posted a way to store roles in Auth Ticket via UserData, but I think this is overkill for this situation.

Web.config:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="30" slidingExpiration="true" />
    </authentication>
    . . .
    <membership>
      <providers>
        <clear />
      </providers>
    </membership>

Send login: When the user sends his username and password, check them and check if they are an administrator:

    if (UserIsValid(username, pwd)) // some validation call
    {
        FormsAuthentication.SetAuthCookie(username, true);
    }

Admin.aspx: Finally, a quick hack to restrict access to the admin page. When the page loads, make sure user / is not an administrator:

    if (!IsAdmin(User.Identity.Name)) // some admin call
        Response.Redirect("Default.aspx");

+3

The problem is that client-side code is used to verify security. If someone completely disables JavaScript, they will never be redirected. Move the check to your server code.

+1
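
The server-side check that both answers point to, written out as a code-behind for Admin.aspx (an added example, not code from either answer). It assumes the forms-authentication settings shown in the first answer; the `Users` table, its `UserName` and `IsAdmin` columns, and the `Users` connection string are hypothetical names.

```csharp
// Admin.aspx.cs: added example; table, column and connection-string names are assumptions.
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;
using System.Web.Security;
using System.Web.UI;

public partial class Admin : Page
{
    // Runs on the server before any markup is rendered, so a visitor without
    // a valid forms-authentication ticket never receives the page body.
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // Admin content must not be served from a browser or proxy cache.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();

        if (!User.Identity.IsAuthenticated)
        {
            // No ticket, or it is expired or fails validation: go to loginUrl.
            // RedirectToLoginPage does not end the request, so end it explicitly.
            FormsAuthentication.RedirectToLoginPage();
            Response.End();
        }
        else if (!IsAdmin(User.Identity.Name))
        {
            // Logged in but not an administrator; this overload ends the response.
            Response.Redirect("~/Default.aspx");
        }
    }

    // Hypothetical lookup against a custom Users table (UserName, IsAdmin columns).
    private static bool IsAdmin(string userName)
    {
        string cs = ConfigurationManager.ConnectionStrings["Users"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT IsAdmin FROM Users WHERE UserName = @name", conn))
        {
            cmd.Parameters.AddWithValue("@name", userName);
            conn.Open();
            object result = cmd.ExecuteScalar();
            // Fail closed: an unknown user or a NULL flag is not an administrator.
            return result != null && result != DBNull.Value && Convert.ToBoolean(result);
        }
    }
}
```

Because the check runs in `OnInit`, disabling JavaScript in the browser has no effect on it, and the username and password never need to be stored in a cookie that client script can read.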