Not Authenticated => Redirect to login page

December 9, 2008 amiraryani

In ASP classic, it is common practice to use a Session variable for the authentication status and to check that variable on each page to prevent unauthorized access. However, moving forward to ASP.NET and using the Login controls gave me the impression that there should be a better way to do this. In a previous post, I had some understanding of ASP.NET Forms authentication, but the picture was incomplete because profile- or role-based security checking is missing on the web site pages.

If the basic requirement is just to check whether the user is authenticated to access the web site, then the following code can be added to the master page's Load event handler:

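  Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    ' Send unauthenticated requests to the login page, except requests for the login page itself.
    If Not Request.IsAuthenticated AndAlso Not IsLoginPage() Then
      ' False: the response is not ended here, so the rest of the page lifecycle still runs.
      Response.Redirect("Login.aspx", False)
    End If
  End Sub

  ' Returns True when the requested URL contains "Login.aspx".
  Private Function IsLoginPage() As Boolean
    If InStr(Request.ServerVariables("URL"), "Login.aspx") > 0 Then
      Return True
    Else
      Return False
    End If
  End Function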

The following article on the ASP.Net web site contains more detailed information: http://www.asp.net/learn/security/tutorial-02-cs.aspx
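
A stricter variant of the check above, as an added example that is not part of the original post: it compares the requested page with the login page exactly (the `InStr` test also matches any other page whose URL contains `Login.aspx`), runs in the master page's Init event, which fires before the content page's Load, and ends the response when it redirects. The class name `SiteMaster` and the login page location `~/Login.aspx` are assumptions.

```vbnet
Imports System
Imports System.Web

' Added example: code-behind for a master page.
' The class name SiteMaster is an assumption, not a name from the post.
Partial Public Class SiteMaster
    Inherits System.Web.UI.MasterPage

    ' Assumed location of the login page, relative to the application root.
    Private Const LoginPage As String = "~/Login.aspx"

    ' Init is used instead of Load: the master page's Init fires before the
    ' content page's Load, so the check runs before any Page_Load code in
    ' the content page.
    Protected Sub Page_Init(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Init
        If Not Request.IsAuthenticated AndAlso Not IsLoginPage() Then
            ' True ends the response (ASP.NET raises ThreadAbortException
            ' internally), so the rest of the page lifecycle does not run
            ' for the unauthenticated request.
            Response.Redirect(LoginPage, True)
        End If
    End Sub

    ' True only when the requested page is exactly the login page.
    ' AppRelativeCurrentExecutionFilePath returns the path in "~/..." form,
    ' so a page such as "~/Reports/OldLogin.aspx" does not match.
    Private Function IsLoginPage() As Boolean
        Dim current As String = Request.AppRelativeCurrentExecutionFilePath
        Return String.Equals(current, LoginPage, StringComparison.OrdinalIgnoreCase)
    End Function
End Class
```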

Categories: ASP.NET