Sorry for bad english :(
===============
Hello you all greate web guru
I am a learner of web developement. I have create two pages one is login page and other is UserHome.aspx. It will open after success full login.
When user enters correct information then following works
if(myDatareader.read()==true)
{
Request.Redirect("UserHome.aspx?ID="+Ses...
}
I am sendind an session ID to check continues of webpage. And written inf UserHome.aspx
Page_load(ss,ss)
{
If(Request.QueryString["ID"]!="" || Request.QueryString["ID"]==null)
{
Request.Redirect("User.aspx");
}
}
Its working fine. But problem is that its really nothing means security. because when Url copy the UserHom.aspx with any ID value its open.
I want that User login only after that UserHOme.aspx will open otherwise not.
will you suggest me technique that how can I manage User in my web.
Thanks in Advance
Will you help me to manage user session in a website using C#.net and ASP.Net?
Ok this is how you can do it (if you insist on reinventing the wheel)
1) Declare a User class
2) Add properties and methods to the User Class. For example you might add a property named IsAuthenticated to your class.
3) after authenticating an instance of User, you save in it Session
In a secure page, you retrieve your user object from the Session to check if the current user is authenticated. If not, you redirect him to a login page
User user = (User)Session["currentUser"];
if(!user.IsAuthenticated) {
Response.Redirect("Login.aspx", true);
}
In the Login Page, after a user successfully logins in you store a User instance in Session
User user = new User();
// do stuff here to authenticate user
user.IsAuthenticated = true;
Session["currentUser"] = user;
Hope this helps!!
Reply:Use the built-in forms authentication provider that comes with ASP.NET. It will work much better than what you have now, which is awful.
http://quickstarts.asp.net/QuickStartv20...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment