Click here to Skip to main content
15,905,563 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
i have an web application on intranet.
on database a have a table with application users info:
Windows username , role .... and other stuff

on Session Start, i read logged in Windows user, and retrieve their info from application users on database. i save retrieved info in Session variable

if i want to restrict access to the webpages based on user's info,
so that if the Windows user does not exist in application's users table, i want to prevent access to page. What is the best way to do that?

thanks in advance

What I have tried:

i tried to examine user info saved in Session variable on EACH PAGE LOAD .. or on MASTER PAGE LOAD ....

but i don't know what the best practice is
Updated 2-Oct-17 3:21am

One simple way is to have each page inherit from a base class that does the security check in its Page_Load. If you are too far into it to change to a base class you can always add a call in each page load to check if they have access to that page.

You can also use Location elements in your web.config if there are only a few pages that will need different levels of access.

This article goes over various scenarios and should help you. Guru Sarkar's Blog - Setting authorization rules for a particular page or folder in web.config[^]

Also see, HOW TO: Control Authorization Permissions in an ASP.NET Application[^]
Share this answer
Forget writing code for it and just buy a firewall/proxy server product off-the-shelf. This is standard functionality.

Before you go off and say "it's too expensive!", think about this. How much do you get paid an hour to write this project? How long are you going to be writing it? Multiply the two and that's the minimum cost of your little project. Compare that to off-the-shelf cost and you should find that your project is going to cost more.
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900