Where to place authentication check in ASP.NET
Question
I have some code used to determine if a user is logged in and I want to put this on every page in an ASP.NET website so that only logged in users can view it. The problem is that the site is split into multiple projects/solutions so maintaining the single piece of code might be hard.
I was thinking I could create a class that inherits for System.Web.UI.Page and overrides Page_Init , but that would require changing all pages so they inherit from new new class. Also I don't think this will work across projects.
So then I thought approaching the problem from a different side: using AOP. I have never used Aspects before but it looks like I could use PostSharp to write an Aspect that injects code before every Page_Init (or maybe Page_Load ?). This might work as a quick solution but I might run into problems if I need a page to not perform the authentication check (available to everyone).
Just to clarify, I already have a login solution; I am just looking for a checking that login on each page.
4 answers
solution1
3 2012-04-09 16:55:22
Look into HttpModules. The asp.net framework is already programmed so that a module runs on every page request, you just have to write it and add it to web.config.
http://msdn.microsoft.com/en-us/library/zec9k340(v=vs.71).aspx
EDIT: Here's a better link that demonstrates handling the BeginRequest event http://msdn.microsoft.com/en-us/library/ms227673(v=vs.85).aspx
solution2
1 2012-04-09 16:58:29
As @jrummell mentioned, there's MembershipProvider which is a great option, but if you're creating custom login solition, check this link which has a pretty simple login implementation step by step
solution3
1 2012-04-09 17:20:31
Since you seem to have your login solution handled and working, creating a class that overrides the page_init sounds like your best option. This can work across other projects by simply creating that class in a separate project that you can included in your other solution(s)... To be honest, that's the easiest way to span the logic across multiple projects.. This will also be easily maintained because you'd only have to update one location going forward.
If you are using MasterPages, you wouldn't have to hit all of the pages, you could just include it on specific MasterPage(s) and set all the pages you want authentication to use that MasterPage.
solution4
0 2012-04-09 16:59:50
Windows Identity Foundation can solve this for you. See http://msdn.microsoft.com/en-us/security/aa570351 for details on WIF. No need to reinvent the wheel. If you had only one Web application, Forms authentication would suffice.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.