How to Create ASP.NET Session Login Without Cookies

The following describes the easiest way I have found to force users to log into an ASP.NET website for each session but not require them to accept cookies. You must do the following things.
  1. Create a Web.config file with the appropriate entries to allow session state management.
  2. Create a well formed Global.asax file with the code below included in it.
  3. Create a login page to authenticate users against a database or whatever method you desire.
' Fires when the session is started and sets the default loggedin state to ""

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
Session("Loggedin") = ""
CheckLoggedIn()
End Sub
Collapse
' Called when the request has been process by the Request Handler and 

' HttpSessionState is available [This is the key piece of code that forces 

' the user is login check with each page request]

Sub Application_OnPostRequestHandlerExecute()
CheckLoggedIn()
End Sub
Collapse
'Check that the user is logged in.

Sub CheckLoggedIn()
'If the user is not logged in and you are not currently on the Login Page.

If Session("LoggedIn") = "" And InStr(Request.RawUrl, "Login.aspx") = 0 Then
Response.Redirect("~/Login/Login.aspx")
End If
End Sub
Finally create a Login.aspx file that authenticates the user. If the user is allowed in, set: Session("Loggedin") = "Yes"
That's all there is to it. Hope this helps! Enjoy!

No comments:

Post a Comment

Please Provide your feedback here