Security
-
Hello, I have written a logon page for my site and it seems to work. Users can only authenticate if their usernames and passwords match in my web.config file under the credentials tag. How can I then stop users accessing my other pages? In Classic ASP I would set a session variable to indicate if the user was authenticated. Is it still the same in ASP.NET or is there a better way now? :)
-
Hello, I have written a logon page for my site and it seems to work. Users can only authenticate if their usernames and passwords match in my web.config file under the credentials tag. How can I then stop users accessing my other pages? In Classic ASP I would set a session variable to indicate if the user was authenticated. Is it still the same in ASP.NET or is there a better way now? :)
The documentation says the Session object is "intrinsic" and should work as in Classic ASP. I have put the session test in the OnPageLoad event handler - is this right? Where are any examples? I cannot find any! When I try to use it I get an error: CS0118: 'System.Web.UI.Page.Session' denotes a 'property' where a 'method' was expected How can I use the Session object in C#? Is this not right?
void OnPageLoad(Object sender, EventArgs e)
{
if (!Session("bValid"))
{
Response.Redirect("frmLogin.aspx");
}
} -
The documentation says the Session object is "intrinsic" and should work as in Classic ASP. I have put the session test in the OnPageLoad event handler - is this right? Where are any examples? I cannot find any! When I try to use it I get an error: CS0118: 'System.Web.UI.Page.Session' denotes a 'property' where a 'method' was expected How can I use the Session object in C#? Is this not right?
void OnPageLoad(Object sender, EventArgs e)
{
if (!Session("bValid"))
{
Response.Redirect("frmLogin.aspx");
}
}Anonymous wrote: How can I use the Session object in C#? Like this:
Session["bValid"]
For more information about ASP.NET authentication & authorization, see this online book. ETA: Oops... this online book[^] :-O Jon Sagara As you may presently yourself be fully made aware of, my grammar sucks. Sagara.org | Blog | My Articles J.O.N.S.A.G.A.R.A.: Journeying Operational Neohuman Skilled in Assassination, Galactic Analysis and Rational Astrophysics -- modified at 13:51 Tuesday 20th September, 2005
-
Anonymous wrote: How can I use the Session object in C#? Like this:
Session["bValid"]
For more information about ASP.NET authentication & authorization, see this online book. ETA: Oops... this online book[^] :-O Jon Sagara As you may presently yourself be fully made aware of, my grammar sucks. Sagara.org | Blog | My Articles J.O.N.S.A.G.A.R.A.: Journeying Operational Neohuman Skilled in Assassination, Galactic Analysis and Rational Astrophysics -- modified at 13:51 Tuesday 20th September, 2005
-
Hello, I have written a logon page for my site and it seems to work. Users can only authenticate if their usernames and passwords match in my web.config file under the credentials tag. How can I then stop users accessing my other pages? In Classic ASP I would set a session variable to indicate if the user was authenticated. Is it still the same in ASP.NET or is there a better way now? :)
If you're using ASP.NET authentication you can do a check on each "protected" page to see if the user is authenticated, by examining the
User.Identity.IsAuthenticatedproperty. Evil cannot be conquered in the world... It can only be resisted within oneself.