prevent users from entering page

  • Question

  • User1904999316 posted

    Hi, I've a page where the user enters his password and redirects him to another page (querystring) where he can modify his profile. The problem is that everyone can enter this page by changing the URL (ex: modification.aspx?userID=something). I added a condition that the userID is in the DB, but I don't know how to prevent users from modifying other profiles.


    Any ideas please 

    Wednesday, August 21, 2013 9:11 PM

All replies

  • User-149365447 posted
    Hi. Try using a logic like this. When the page loads (ModifyProfile.aspx), do a check on the UserID you will get from the QueryString. If the User is viewing his or her own record then allow action, else redirect to another page. In this case, you will need the ID of the current user session to tell who is accessing the page. Let's do it this way. If you are using Membership in ASP.Net 4.0, you can say:

        If Request.QueryString("Username") = Me.User.Identity.Name Then
            'Allow Edit
        Else
            Response.Redirect("SOME URLS HERE")
        End If
    Wednesday, August 21, 2013 9:40 PM
  • User1904999316 posted

    Thank you sir,

    But I'm not using Membership, and users are not logged in so I can compare usernames..

    Is there any other way? :( 

    Wednesday, August 21, 2013 9:56 PM
  • User-149365447 posted

    You said user system, which means user will be able to login before they edit their data.

    If you send the username of logged in user from a Login Page through Session across the website,

    you can use the session value for validation rather than membership user..

    or you can post some of your codes so I can know how to help better.. thanks

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 22, 2013 2:33 AM
  • User22205941 posted

    simply,

    Assign your userid in session, in login page, if login successful.

    eg: Session["userid"] = your__login_user_id;

    In aspx page, on Page_Load event, use the following code.

    if (Session["userid"] == null)

             Response.Redirect("Login.aspx", true);  // go to your login page.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 22, 2013 2:40 AM
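
Added example, not part of the original thread and not any poster's code: a code-behind for modification.aspx that combines the session check suggested above with an ownership check on the `userID` query-string value, so a logged-in user cannot open another user's profile by editing the URL. The class name `Modification`, the `Decide` helper, the `CurrentUserId` property and storing the id in session as a string are assumptions.

```csharp
using System;
using System.Web.UI;

// Hypothetical code-behind class for modification.aspx (added example).
public partial class Modification : Page
{
    public enum Access { NotLoggedIn, Forbidden, Allowed }

    // Pure decision function. The session value, set by the login page only
    // after the password check succeeds, is the trusted identity. The query
    // string is attacker-controlled and is only ever compared against it.
    public static Access Decide(object sessionUserId, string requestedUserId)
    {
        string current = sessionUserId as string;   // assumption: id stored as string
        if (string.IsNullOrEmpty(current))
            return Access.NotLoggedIn;
        // No userID in the URL means "my own profile".
        if (string.IsNullOrEmpty(requestedUserId))
            return Access.Allowed;
        return string.Equals(current, requestedUserId, StringComparison.Ordinal)
            ? Access.Allowed
            : Access.Forbidden;
    }

    // Everything else on the page (SELECT and UPDATE of the profile row) keys
    // on this property, so the URL value never reaches the database query.
    protected string CurrentUserId
    {
        get { return (string)Session["userid"]; }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        switch (Decide(Session["userid"], Request.QueryString["userID"]))
        {
            case Access.NotLoggedIn:
                Response.Redirect("Login.aspx", true);   // not authenticated
                break;
            case Access.Forbidden:
                Response.StatusCode = 403;               // someone else's profile
                Response.End();
                break;
            case Access.Allowed:
                break;                                   // continue rendering
        }
    }
}
```

The check runs on every request, including postbacks, so the save handler is covered by the same rule as the initial page load.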
  • User224181609 posted

    Out of curiosity, if you are logging in users and all, why are you not using membership features?

    Why not take advantage of features asp.net has already provided rather than re-do them yourself?

    Thursday, August 22, 2013 7:52 AM