Re: Newbie question
From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: Tue, 17 May 2005 15:03:22 -0700
You need to authenticate the user on every request. It sounds like you want
to use FormsAuthentication which is a mechanism of issuing a cookie to the
user to identity them. Then there's a declarative syntax you can specify
in your web.config to control access. This is nice so you don't have to manually
code the access check in every page. Here's a link on Forms Authentication
to get you started:
> I have a login which does a lookup in a Sql server table to check for
> valid usernames and password. Then if login is Ok user allowed to go
> to next page by using a response.redirect. Once on the next page he
> can continue using site.
> Question is how do I prevent a user from copying a URL from the
> explorer and copying that address to a browser and then go directly to
> that page, bypassing the login page?
> I need to use SQL server based login because it is easier for the
> users to maintain that list with a simple User Interface than it is to
> have them understand the ins and outs of Windows security and groups.
> most of my customers are small buisnesses with no budgets for training
> or hiring system admins so I gotta KISS - (keep it simple stupid) :-)
> Thanks for any help