Geek Answers Handbook

Check session on each page?

I am new to .NET. I am creating a site on which there is an admin section that should only be visible to log in. I created a login code, and as soon as the user is authenticated, I will then assign them a session variable. My question is: is there a more efficient way to check the session variable, and not on the next page on the next page?

protected void Page_Load(object sender, EventArgs e) { checkSession(); } public void checkSession() { if (Session["LoggedIn"] != "true") { Response.Redirect("default.aspx"); } }

Thank you!

+6
source share
8 answers

if you use MasterPage , you can put the control code in the MasterPage Page_Load event, if you do not use either Global.asax or the custom HttpModule , and put the reading code in the AcquireRequestState event AcquireRequestState for the first and PostRequestHandlerExecute event handler for the second

Exmaple with Global.asax

 public class Global : System.Web.HttpApplication { ... void Application_AcquireRequestState(object sender, EventArgs e) { HttpContext context = HttpContext.Current; // CheckSession() inlined if (context.Session["LoggedIn"] != "true") { context.Response.Redirect("default.aspx"); } } ... }
+5
source

You should probably consider using authentication:
http://www.asp.net/web-forms/videos/authentication/using-basic-forms-authentication-in-aspnet

You can configure the page or folder to always require authorization, so the runtime will fulfill this requirement, and not manually.

+3
source

Derive your pages from a custom class that is derived from a page

override boot method by adding session verification code

now all your pages have validation

 public class MyPage : System.Web.UI.Page protected void Page_Load(object sender, EventArgs e) { if (Session["yoursession"] != "true") { //code } } public class yourCustomPage1 : MyPage { protected void Page_Load(object sender, EventArgs e) { //you don't have to check or call any method.. } } public class yourCustomPage2 : MyPage { protected void Page_Load(object sender, EventArgs e) { //you don't have to check or call any method.. } }

etc...

+2
source

You can make your page a class that inherits from a base class that checks for registered users.

+1
source

A good way to begin to understand that forms authentication in ASP.Net is creating a new website. Go to Visual Studio and create a new project, select Web, and then ASP.NET Web Application. Check this in the Account folder to understand the ASP.Net process and methods.

+1
source

You can create BasePage and inherit your entire page from this base page, install the function on your base page.

 public class BasePage : Page { protected void checkSession() { if (Session["LoggedIn"] != "true") { Response.Redirect("default.aspx"); } } }

Your page

 public partial class YourPage : BasePage { .... }

Another solution:

In your Http module, create Principal and Identity to set the authentication and authorization functions, in your http module attach abstract data to the current stream.

link: http://msdn.microsoft.com/en-us/library/system.security.principal.iidentity.isauthenticated.aspx

0
source 
  public class BasePage : Page { protected void checkSession() { if (Session["LoggedIn"] == null) { Response.Redirect("~/default.aspx/"); } } }
0
source

1st Way: Global.asax.cs ADD

  void Application_AcquireRequestState(object sender, EventArgs e) { HttpContext context = HttpContext.Current; Page page = context.Handler as Page; if ((string)context.Session["LoggedIn"] != "true" && !(page.AppRelativeVirtualPath == "~/Default.aspx")) context.Response.Redirect("default.aspx"); }

2nd Way: You can have the same session management on the main page. Page load event.

Hope this helps.

0
source

More articles:


All Articles