Re: Newbie question

From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: 05/18/05

  • Next message: Brock Allen: "Re: Extendig SqlMembershipprovider"
    Date: Tue, 17 May 2005 15:03:22 -0700
    
    

    You need to authenticate the user on every request. It sounds like you want
    to use FormsAuthentication which is a mechanism of issuing a cookie to the
    user to identity them. Then there's a declarative syntax you can specify
    in your web.config to control access. This is nice so you don't have to manually
    code the access check in every page. Here's a link on Forms Authentication
    to get you started:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconSimpleCookieAuthentication.asp

    and

    http://www.dotnetjunkies.com/QuickStart/aspplus/default.aspx?url=/quickstart/aspplus/doc/formsauth.aspx

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen

    > I have a login which does a lookup in a Sql server table to check for
    > valid usernames and password. Then if login is Ok user allowed to go
    > to next page by using a response.redirect. Once on the next page he
    > can continue using site.
    >
    > Question is how do I prevent a user from copying a URL from the
    > explorer and copying that address to a browser and then go directly to
    > that page, bypassing the login page?
    >
    > I need to use SQL server based login because it is easier for the
    > users to maintain that list with a simple User Interface than it is to
    > have them understand the ins and outs of Windows security and groups.
    > most of my customers are small buisnesses with no budgets for training
    > or hiring system admins so I gotta KISS - (keep it simple stupid) :-)
    >
    > Thanks for any help
    >
    > RD
    >


  • Next message: Brock Allen: "Re: Extendig SqlMembershipprovider"