The following describes the easiest way I have found to force users to log into an ASP.NET website for each session but not require them to accept cookies. You must do the following things.
- Create a Web.config file with the appropriate entries to allow session state management.
- Create a well formed Global.asax file with the code below included in it.
- Create a login page to authenticate users against a database or whatever method you desire.
' Fires when the session is started and sets the default loggedin state to ""
Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
Session("Loggedin") = ""
CheckLoggedIn()
End Sub
Collapse
' Called when the request has been process by the Request Handler and
' HttpSessionState is available [This is the key piece of code that forces
' the user is login check with each page request]
Sub Application_OnPostRequestHandlerExecute()
CheckLoggedIn()
End Sub
Collapse
'Check that the user is logged in.
Sub CheckLoggedIn()
'If the user is not logged in and you are not currently on the Login Page.
If Session("LoggedIn") = "" And InStr(Request.RawUrl, "Login.aspx") = 0 Then
Response.Redirect("~/Login/Login.aspx")
End If
End Sub
Finally create a Login.aspx file that authenticates the user. If the user is allowed in, set:
Session("Loggedin") = "Yes"
That's all there is to it. Hope this helps! Enjoy!
No comments:
Post a Comment
Please Provide your feedback here