Geek Answers Handbook

What is the best way to make some pages in asp.net require login?

I am working with an asp.net website project so that some pages need authentication. I am using asp.net membership.

I read some answers. for example, make all of these pages in a folder and create an internal web.config that describes this privilege. This is one way to solve the problem, but I need a way that is more fixable and efficient.

+6
authentication membership
source share
2 answers

If you do not want to hardcode this into web.config (s), you will need to use an element such as "Base Page".

Your base class should inherit from System.Web.UI.Page and should have a method that you could call: β€œUser must be logged in” or β€œUser must be in role x” and if the user is not logged into this the role is redirected to the login page (you can get this by calling FormsAuthentication.LoginUrl ).

Your actual pages should inherit from this class, and not directly from System.Web.UI.Page. Then in something like Init or at the top of Page_Load call

base.UserMustBeLoggedIn();

or

 // Replace "AccessRole" with the name of your role base.UserMustBeInRole("AccessRole");

And let the base page handle it.

If you prefer to have access rights stored in the database, then you can move all processing to the base page and in a suitable place in the page life cycle, check the current URL on the database table, check users role / authentication as required and redirect as needed.

Note that you can create page level protection in the web configuration as follows:

 <configuration> <location path="LockedPage.aspx"> <system.web> <authorization> <!-- Deny access to anonymous users --> <deny users="?"/> </authorization> </system.web> </location> </configuration>

Additional information is available on MSDN: Location Element and Authorization Element .

+20
source share

You can try this code. In the main page load event, write this code, add a property

public bool m_bLoginRequired = true;

 public bool IsLoginRequired { get { return m_bLoginRequired; } set { m_bLoginRequired = value; } } try { // Response.Cache.SetCacheability(HttpCacheability.ServerAndNoCache); Response.Cache.SetNoStore(); if (IsLoginRequired==true) { if ( Session.IsNewSession || HttpContext.Current.Session["Username"] == null) { FormsAuthentication.SignOut(); FormsAuthentication.RedirectToLoginPage("Session Expired"); Response.End(); } } } catch (Exception ex) { throw (ex); }

Now on the login page you need to write this code

 FormsAuthentication.SetAuthCookie(this.txt_UserName.Text.Trim(), false); FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, this.txt_UserName.Text.Trim(), DateTime.Now, DateTime.Now.AddMinutes(10), false, "HR"); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); cookie.Name = "jay"; Session["UserName"] = txt_UserName.Text.Trim(); Response.Cookies.Add(cookie); txt_UserName.Text = ""; txt_Password.Text = ""; Response.Redirect("HomePage2.aspx");

you can now add the pageinit event on the login page

 protected void Page_PreInit(object sender, EventArgs e) { Master.IsLoginRequired = false; }

if you want the user to be able to access an unauthorized page, then in the page event of this page

set Master.IsLoginRequired=false;

also specify loginurl in the web.config .

+3
source share

More articles:


All Articles