locked
How do i redirect user to login if not authenticated RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-2074858223 posted

    Example at looking at the code below it doesn't check if the user is authenticated because if am user1 and i goto the URL and type 2 as id i will be able to see the user2 page and data which not right.

    protected void Page_Load(object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated)
        {

            if (!Page.IsPostBack)
            {
              //   GetUserProfile2(int.Parse(Request.QueryString["Id"].ToString()));
                if (!object.Equals(Session["UserId"], null))
                {
                    if (object.Equals(Session["UserId"], Request.QueryString["Id"]))
                    {
                        //btnCancel.Visible = false;
                    }
                    else
                    {
                        // btnCancel.Visible = false;
                    }
                }
            }

    Tuesday, November 24, 2015 9:44 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User603616845 posted

    Hi,

    In order to automatically redirect non-logged in users to login page, you need to deny anonymous access to "all" pages. This is done in the site's web.config file:

    web.config

    <?xml version="1.0"?>
<configuration>
   <system.web>
      ...
      <authorization>
         <deny users="?"/>
      </authorization>
   </system.web>
</configuration>

    The special  token is used to represent anonymous users. This, when combined with telling Forms authentication where the "Login" page is:

    <?xml version="1.0"?>
<configuration>
   <system.web>
      ...
      <authentication mode="Forms">
         <forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
      </authentication>
      <authorization>
         <deny users="?"/>
      </authorization>
   </system.web>
</configuration>

    means that any any anonymous users will be automatically redirected to the login page.

    Hope this will help you.

    thanks

    Tuesday, November 24, 2015 9:54 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-2074858223 posted

    After trying your example i can still navigate to every user page and see their data

    <location path="~/Pages/Mail.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
  <location path="Default.aspx.aspx" />
  <location path="~/Pages/Mail.aspx" />

    Tuesday, November 24, 2015 10:28 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-2074858223 posted
    I think I have seen the issue
    Tuesday, November 24, 2015 11:33 AM