How to prevent URL entry and redirect user to login page?

I am using ASP.NET authentication. If I try to access the page by copying the query string and pasting it into the browser, this will allow me to access the page.

How can this be prevented? I want the user to always be logged in.

+3
4 answers

You must set the authentication mode in your web.config:

<authentication mode="Forms">
    <forms name="Authen" protection="All" timeout="60" loginUrl="login.aspx"/>
</authentication>
<authorization>
    <deny users="?"/>
</authorization>
+5

You can restrict access to certain pages using the <location> element. For example, to restrict access to a subfolder admin:

<system.web>
    <!-- enable Forms authentication -->
    <authentication mode="Forms">
        <forms 
            name="MyAuth" 
            loginUrl="login.aspx" 
            protection="All" 
            path="/" 
        />
    </authentication>
</system.web>

<!-- restrict access to the admin subfolder 
     and allow only authenticated users -->
<location path="admin">
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</location>
+1

- web.config:

<authorization>
    <allow users="user1, user2"/>
    <deny users="?"/>
</authorization>

. .: http://support.microsoft.com/kb/815151

0
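
ASP.NET URL authorization reads allow/deny rules top to bottom, most local scope first, and stops at the first match; when nothing matches, the inherited default <allow users="*"/> applies. The following Python sketch is an added example, not code from any of the answers: it parses a web.config and reports, per scope, what an anonymous request and named users would get. The "reports" folder and the probe user "user3" are constructed for illustration, and only the users attribute is modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: "admin" is scoped as in the <location> answer above;
# "reports" is a hypothetical folder using the allow-list form.
SAMPLE = """<configuration>
  <system.web><authentication mode="Forms" /></system.web>
  <location path="admin"><system.web><authorization>
    <deny users="?" />
  </authorization></system.web></location>
  <location path="reports"><system.web><authorization>
    <allow users="user1, user2" /><deny users="?" />
  </authorization></system.web></location>
</configuration>"""

def child(el, tag):
    """Direct child with this tag, or None."""
    return next((c for c in el if c.tag == tag), None) if el is not None else None

def rules_in(scope):
    """Ordered (action, users) pairs from <system.web><authorization> of a scope."""
    auth = child(child(scope, "system.web"), "authorization")
    return [(r.tag, r.get("users", "")) for r in (auth if auth is not None else [])
            if r.tag in ("allow", "deny")]

def decide(rules, user):
    """First matching rule wins. user=None models an anonymous request.
    Simplified: exact-name match on the users attribute; roles/verbs ignored."""
    for action, users in rules:
        names = [n.strip() for n in users.split(",")]
        if "*" in names or (user is None and "?" in names) or user in names:
            return action
    return "allow"  # inherited machine-level default: <allow users="*"/>

def audit(config_xml, probes=(None, "user1", "user3")):
    """Map each scope ("/" and every <location path>) to the decision per probe user."""
    root = ET.fromstring(config_xml)
    site = rules_in(root)
    scopes = {"/": site}
    for loc in root.findall("location"):
        scopes[loc.get("path")] = rules_in(loc) + site  # local rules are checked first
    return {path: {u or "?": decide(rules, u) for u in probes}
            for path, rules in scopes.items()}

if __name__ == "__main__":
    for path, result in audit(SAMPLE).items():
        print(path, result)
```

On the sample, "/" stays open to anonymous requests because only the two folders carry rules, and "reports" still admits user3 because no rule denies authenticated users. Ending an allow-list with <deny users="*"/> closes that gap.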

web.config, Global.asax Session_Start (...) , , cookie, , :

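using System;
using System.Web;
using System.Web.Security;

public class Global : System.Web.HttpApplication
{
    protected void Session_Start(object sender, EventArgs e)
    {
        // A new session that still arrives with the login cookie means the
        // previous session is gone: sign out and send the user to the logon page.
        if (Session.IsNewSession)
        {
            if (Request.Headers["Cookie"] != null)
            {
                if (Request.Headers["Cookie"].IndexOf("Web_App_Login_Cookie", StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    FormsAuthentication.SignOut();
                    Context.User = null;
                    Response.Redirect("~/logOn.aspx");
                }
            }
        }
    }
}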

, - , OnInit (...) - , , - , .

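using System;
using System.Web;

// UserSession, LoggedUserInfo and the GetUserSession / GetLoggedUserInfo /
// UpdateLoggedUserInfo extension methods are application-specific and are
// not shown in this answer.
public class SessionBasePage : System.Web.UI.Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        if (HttpContext.Current != null && HttpContext.Current.Session != null)
        {
            UserSession = HttpContext.Current.GetUserSession();
            if (UserSession != null)
            {
                // Session is valid: load and refresh the logged-in user's data.
                LoggedUserInfo = HttpContext.Current.GetLoggedUserInfo();
                HttpContext.Current.UpdateLoggedUserInfo();
            }
            else
            {
                // No user session: end the response and redirect to the logon page.
                Response.Redirect("~/logOn.aspx", true);
            }
        }
    }
}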
0

Source: https://habr.com/ru/post/1771546/

