Home > ASP.NET > Not Authenticated => Redirect to login page

Not Authenticated => Redirect to login page

In the ASP classic, it is a common practice to use Session variable for the Authentication status and check the variable on each page to avoid unauthorized access. However, moving forward to ASP.Net and using Login Controls gave me the impression that should be a better way to do this. In a previous post, I had some understanding about the ASP.Net Form authentication, but the picture was incomplete because profile or role-based security checking is missing on the web site pages.

If the basic requirement is just to check if user is authenticated to access the web site then the following code can be added to the MAsterPage form load event:

  Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
      If Not Request.IsAuthenticated AndAlso Not IsLoginPage() Then
        Response.Redirect("Login.aspx", False)
      End If
    End If

  End Sub

  Private Function IsLoginPage() As Boolean
    If InStr(Request.ServerVariables("URL"), "Login.aspx") > 0 Then
      Return True
    Else
      Return False
    End If           
  End Function

The following article on the ASP.Net web site contains more detailed information: http://www.asp.net/learn/security/tutorial-02-cs.aspx

Advertisements
Categories: ASP.NET
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: