I have a login page and a global page where the user is redirected to after he logged in.
I need to know if this is a good method for protecting some web files to be accessed if the user is not logged in.
global.aspx code (the protected page where the user is redirected after he logged in):

    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["Login"] != null)
        {
            if (Session["Login"].Equals("Logged"))
            {
                userName.Text = (string)Session["UserTest"].ToString();
            }
        }
        else
            Response.Redirect("http://localhost:port/Login.aspx");
    }

Login page code:

    Session["Login"] = "Logged";
    Session["UserTest"] = "Test123";
    Response.Redirect("http://localhost:port/Global.aspx");
Thanks
I think you should read about forms authentication. And yet another article about it. The code you have written seems fine but my God, you are reinventing a wheel.
The idea of forms authentication is that the currently authenticated username is stored in an encrypted cookie (unless defined otherwise) and sent along each request. The forms authentication module, once activated, checks for the presence of this cookie on each request and automatically assigns the User property to make it available to all your pages. And if someone attempts to access a protected page, the module simply redirects him to the login page that was configured in web.config. The <location> element in web.config allows you on the other hand to specify which pages/folders of your application require authentication.

So once you activate forms authentication, here's how your protected page could look like:

And the Login page (which should not be protected):

You might also check out the Login control that could simplify this even further.
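
The flow described in the answer above, as an added example that is not part of the original answer: the web.config fragment in the leading comment, the control names (userName, txtUser, txtPassword, errorLabel), the class names and the use of a configured Membership provider for credential checks are all assumptions made for illustration.

```csharp
// Assumed web.config fragment for this example (values are illustrative):
//   <system.web>
//     <authentication mode="Forms">
//       <!-- add requireSSL="true" once the site is served over HTTPS -->
//       <forms loginUrl="~/Login.aspx" defaultUrl="~/Global.aspx" />
//     </authentication>
//   </system.web>
//   <location path="Global.aspx">
//     <system.web>
//       <authorization><deny users="?" /></authorization>
//     </system.web>
//   </location>
using System;
using System.Web.Security;
using System.Web.UI;

// Global.aspx.cs (separate file in a real project). Anonymous requests never
// reach Page_Load: the <deny users="?"> rule sends them to loginUrl first,
// so no per-page Session check is needed.
public partial class GlobalPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // userName is the Label from the question's page (assumed declared in the .aspx).
        // Label.Text is not encoded automatically, so encode the name before output.
        userName.Text = Server.HtmlEncode(User.Identity.Name);
    }
}

// Login.aspx.cs (separate file; the page itself stays unprotected).
public partial class LoginPage : Page
{
    // Hypothetical click handler; txtUser, txtPassword and errorLabel are
    // assumed controls declared in Login.aspx.
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        // Assumes a Membership provider is configured; substitute your own
        // credential check against the user store if it is not.
        if (!Membership.ValidateUser(txtUser.Text, txtPassword.Text))
        {
            errorLabel.Text = "Invalid user name or password.";
            return;
        }
        // Issues the encrypted authentication cookie (non-persistent here) and
        // redirects to the ReturnUrl query value, or to defaultUrl when absent.
        FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false);
    }
}
```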