Forms Authentication Issue

Question

1.00/5 (1 vote)

See more:

Hello everyone,
I am working on the web application in which i have one login page and the other page to which user will be redirected on successful login.I want to prevent direct access to that another page for unauthenticated users.As we all know,to accomplish this,FORMS AUTHENTICATION is the best way.I have made following changes to web.config:

XML

<authentication mode="Forms">
     <forms loginUrl="Login.aspx"/>
   </authentication>
   <authorization>
     <deny users="?"/>
   </authorization>

Now,My question is,how to determine weather,user is authenticated or not?I have done that when user types in the username and the password,on successful login,it will be redirected to the main page with username passed as query string:

Response.Redirect("Default.aspx?uname=" + uname + "");

i have gone through somany tutorials on google,but not able to figure out how to determine users identity.Please suggest me the ways to overcome this issue.

Regards

Posted 27-Jan-13 17:58pm

Thanks7872

Add a Solution

Comments

[no name] 28-Jan-13 0:00am

use roles, httpauthenitcate cookie

Thanks7872 28-Jan-13 0:03am

can you please suggest me,when user is successfully verified than what to do while redirecting it?i mean,if possible show me the steps....

2 solutions

Solution 1

You can use the following guide lines

<authorization>

<deny users="?">

however you can refer following URL for more details

http://www.codeproject.com/Articles/13872/Form-authentication-and-authorization-in-ASP-NET

Posted 27-Jan-13 18:22pm

MinhajMohammed

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

furqanAshraf · Accepted Answer · 2013-01-27T19:32:00

Solution 2

Use session or cookies to store userId for that specific user instance. Through storing user id you can get user id on any page of your application.
In login.aspx.cs

Do following

Session["userId"] = YourAuthenticatedUserId;

On every page or in master page .cs file. Do the following

If(Session["userId]== null)
{
Response.Redirect("Login.aspx");
}
else
{
// Your code for authenticated user
}

Posted 27-Jan-13 19:32pm

furqanAshraf

Updated 27-Jan-13 19:35pm

v2

Comments

Thanks7872 28-Jan-13 1:37am

that is querystring or session,used to pass info to redirected page...but i want to restrict direct access to page,such that when you type url directly,the code checks weather you are authenticated or anonymous,if anonymous then redirect should be to login page....my question is how to decide that?

Thanks7872 28-Jan-13 2:56am

as you suggested i used this:

Session["userId"] = TextBox1.Text;
Response.Redirect("Default.aspx");

on successful login.and checking its values on second page like this:

if ((Session["userId"] == null))
{
Response.Redirect("Login.aspx");
}
but,when i close the browser and open the default page directly,it is working..that should not be...how to solve this?