C# .NET - To redirect to login page - Asked By abinav shankar on 25-Jan-12 03:43 AM

Hi
 
I am developing an application in that if i copy & paste the url of my other pages i should redirect it to the login page how to do it
smr replied to abinav shankar on 25-Jan-12 03:46 AM
hi

try this

public class BasePage : System.Web.UI.Page
{
  public SecurityApplicationPageBase()
  {
  this.Load += new System.EventHandler(this.Page_Load);
  }
 
  private void Page_Load(object sender, System.EventArgs e)
  {
 
  if(Session["Session_name"]==null)
  {
    Response.Redirect("Login.aspx");
  }
  InjectSessionExpireScript();   
  }
Web Star replied to abinav shankar on 25-Jan-12 03:47 AM
On all page you should use check user login session on page load if logged in than only load otherwise reidirect to login page simply as follows
if (Session["UserSessionData"] == null || ((SessionData)Session["UserSessionData"]) =="")
{
Response.Redirect("loginpage.aspx");

}
Danasegarane Arunachalam replied to abinav shankar on 25-Jan-12 03:53 AM
You can use the web.config to handle the authentication.

1.Set the Authentication Mode to Forms
2. Then Set the Redirect url

<authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="400" name=".LoginPage"></forms>

</authentication>

kalpana aparnathi replied to abinav shankar on 25-Jan-12 03:57 AM
In your web configure file:

<authentication mode="Forms">
  <forms name=".FormsAuth" loginUrl="~/Login.aspx" protection="All" slidingExpiration="false" requireSSL="false" />
 </authentication>
 
  <authorization>
    <deny users="?"/>
  </authorization>
Suchit shah replied to abinav shankar on 25-Jan-12 04:33 AM

you can solve your problem using below tips.

1. Store user name and password in Session and check on every page load whether they are right or not.

2. Store any other variale in Application start (global.asax) and check in every page Load.


Have you set up allow and deny rules?

You must tell the system that you require users to be logged in, before they can look at certain pages.

And you can also say that some pages, or all the pages in certain folders, require users to be in certain roles.

You do this with allow and deny in web.config

If you have pages in different folders, you can have a little web.config in each folder that gives the rules for the pages in that folder.

For example, here is a web.config file in my UserAdmin folder.

Users with adminstrator role are allowed. allow roles="administrator"

All other users are banned - deny users="*"

This applies to all pages in that folder.

<?xmlversion="1.0"?>

<

configuration>

<system.web>

<authorization>

<allowroles="administrator, developer" />

<denyusers="*"/>

< /authorization>

</system.web>

< /configuration>

I recommend Scott Mitchell's security tutorials at http://www.asp.net/learn/security



dipa ahuja replied to abinav shankar on 25-Jan-12 06:22 AM

protected void BtnLogin_Click(object sender, EventArgs e)

    {

      String conn = "<Your connectionSTring>";     

      SqlConnection connection = new SqlConnection(conn);

      connection.Open();

      string q = "select Count(*) from users where  username='" + txtuname.Text + "' AND pwd ='" + txtpwd.Text + "'";

      SqlCommand comm = new SqlCommand(q, connection);

      int result = (int)comm.ExecuteScalar();

      if(result>0)

      {

        Session["user"] = txtuname.Text.ToString();

        Response.Redirect("home.aspx");

      }

      else

      {

        lblerror.Text = "Either username or password in incorrect !";       

      }

      connection.Close();

    }

Now put this code on every page load Whenever user login save the username in the session variable and if the session variable is null then redirect user to the login page


protected void Page_Load(object sender, EventArgs e)

{

  if (Session["user"] == null)

  {

  Response.Redirect("login.aspx");

  }

 

}