locked
Sessions effecting controls. RRS feed

  • Question

  • User-1432872897 posted

    Problem 1: Hey so I have a login that creates a session containing the Username of the person logged in.

    I then want to remove the login fields and show the log out button when a user is logged in. Using:

     

    var userlog = Session["LogIn"];
            if (userlog != null)
            {
                lblPass.Visible = false;
                lblReg.Visible = false;
                lblUser.Visible = false;
                tbUser.Visible = false;
                tbPass.Visible = false;
                btnLogin.Visible = false;
                HyperLink1.Visible = false;
                btnLogOut.Visible = true;
            }


    It appears I have to navigate to the page again for this to take effect, rather than asynchronously. How can I change this?

    Problem 2: Even when the session is created I can't reach my restricted page, which uses "?" to restrict annonymous users, are sessions not counter-active of this?

     

    Thanks. 

    Friday, May 10, 2013 12:33 PM

Answers

All replies

  • User-851967432 posted

    Can you please edit your verbiage? I didn't understand much of what you said and now my head hurts trying to decipher it.

    Friday, May 10, 2013 12:44 PM
  • User-1432872897 posted

    Better? Hope it is more understandable.

     Thanks. 

    Friday, May 10, 2013 1:06 PM
  • User-851967432 posted

    Much better...

    Ok problem #1 is associated with a postback. The page first has to postback in order for userlog to not be null. You might want to wrap that in a If Page.IsPostback.

     #2 just because a session is created doen't mean your authenticated. You can still be an anonymous user. You want to verify authentication before navigating to the restricted page.

    Friday, May 10, 2013 1:16 PM
  • User-1432872897 posted

    if(page.IsPostBack){} didn't work.

    How would I  authenticate the user if a session exists?

     

    Thanks. 

    Friday, May 10, 2013 1:34 PM
  • User-851967432 posted

    You can either use windows authentication, forms authentication, or asp.net membership.

    Here's a start: http://msdn.microsoft.com/en-us/library/eeyk640h(v=vs.100).aspx

    Friday, May 10, 2013 1:38 PM
  • User-1432872897 posted

    I appreciate the help, but it's not clear anywhere what exactly goes in the web.config to allow users if a session is open.

    Friday, May 10, 2013 1:40 PM
  • User-851967432 posted

    Sessions and authentication are seperate entities but work hand in hand. The session starts as soon as you access the page whether you're authenticated or not. Make sense?

    However, if you're going to code with restricted pages based on authentication or anonymous users, you have to implement authentication protocols. Still make sense?

    Friday, May 10, 2013 1:47 PM
  • User-1432872897 posted

    <allow users="Session['LogIn']"/> is all I can come up with, and it doesn't work.

    The website isn't going live so I'm looking for an easy solution. As I get the redirection to register to view the page when logged in, instead of using the session to allow access. 

    Friday, May 10, 2013 1:48 PM
  • User-851967432 posted

    Here's a useful posting that will help you wrap your head around this: http://forums.asp.net/t/1177741.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, May 10, 2013 1:49 PM
  • User-1432872897 posted

    Sounds a bit complex for such a simple task.

     All I want is...

    When a user logs in, there username is inserted into a session.

    While this session is active, a user can acces a page that is restricted.

    The restriction is only:

     

          <authorization>
            <deny users="?" />
          </authorization>

    ...within the root of the folder containing the restricted page.

    Surely it's just one line I can add to my web.config to allow access to a user with the session?

    Friday, May 10, 2013 2:01 PM
  • User-851967432 posted

    No that's not how it works. If you allowed all users, then yes a simple session could be used for your custom authentication. As soon as you add the restriction to the web.config, you're forced to implement an authentication API.

    Sorry for the bad news.

    Friday, May 10, 2013 2:27 PM