Not Authenticated => Redirect to login page
In the ASP classic, it is a common practice to use Session variable for the Authentication status and check the variable on each page to avoid unauthorized access. However, moving forward to ASP.Net and using Login Controls gave me the impression that should be a better way to do this. In a previous post, I had some understanding about the ASP.Net Form authentication, but the picture was incomplete because profile or role-based security checking is missing on the web site pages.
If the basic requirement is just to check if user is authenticated to access the web site then the following code can be added to the MAsterPage form load event:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load If Not Request.IsAuthenticated AndAlso Not IsLoginPage() Then Response.Redirect("Login.aspx", False) End If End If End Sub Private Function IsLoginPage() As Boolean If InStr(Request.ServerVariables("URL"), "Login.aspx") > 0 Then Return True Else Return False End If End Function
The following article on the ASP.Net web site contains more detailed information: http://www.asp.net/learn/security/tutorial-02-cs.aspxAdvertisements