I am new to ASP.net, newbie but I am learning it to my own! I am testing and learning the logged in and logged out functionality in ASP.NET. Actually my problem is that I have a simple page ie Default.aspx for login purpose as:
<body>
<form id="form1" runat="server">
<div>
<h1>Please Sign in</h1>
UserName:
<asp:TextBox id="uname" runat="server"></asp:TextBox>
<br/>
Password:
<asp:TextBox id="upass" runat="server"></asp:TextBox>
<br/>
<asp:Button id="but" runat="server" text="signup" OnClick="but_Click"/>
<br/>
<asp:Label ID ="lblInformation" runat ="server" ForeColor ="Red"/>
</div>
</form>
</body>
I am logging in as (Default.aspx.cs):
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
String name = null;
String pass = null;
protected void but_Click(object sender, EventArgs e)
{
name = uname.Text;
pass = upass.Text;
if (name.Equals("admin")&&pass.Equals("admin"))
{
FormsAuthentication.RedirectFromLoginPage(name, false );
}
}
}
after my successful login; redirecting to Home.aspx as:
<body>
<form id="form1" runat="server">
<div>
<h1>Hello User</h1>
<asp:Button ID="but" OnClick="but_Click" text="signout" runat="server"/>
</div>
</form>
</body>
and I am log out as Home.aspx.cs
public partial class Home : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void but_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
}
The Problem The Problem is that after logging in if I copy the Home.aspx page URL (the page I have landed after the login), and paste in the browser search bar and press enter, I am able to see it without I Have been logged in!
I mean I want my user to restrict landing on Home.aspx if hes not logged in any case!
So the question is how can i restrict my user to view Home.aspx page if he has not logged in because I can view the page even if I am not logged in just by copying the Home.aspx URl into browser!
Sorry for my english I am not from an english country I am just learning asp.net to my own.
Thanks
In Page_Load
event check for authorization.
if (!User.Identity.IsAuthenticated)
{
Response.Redirect("~/Login.aspx");
}
可能最简单的方法是在Home.aspx的Page_Load方法中,添加
if(!Request.IsAuthenticated) { FormsAuthentication.RedirectToLogin(); }
Let ASP.Net do the work for you; you can control this through web.config.
You can add the following to the <system.web>
section:
<!-- Specify that only authenticated users are allowed to access pages by default.
Those that anonymous users can access will be specified separately. -->
<authorization>
<deny users="?" />
</authorization>
Then, you can add the following entry to allow non-logged in users access to default.aspx:
<!-- Specify those files that all users can access, even if they aren't logged in -->
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.