How do i Password protect all my asp.net pages on my website

Question

ediddy02 0 Newbie Poster

16 Years Ago

I was able to develop a simple user name and password code that would enable users log into my website before viewing the home page.This worked.Now i have tried to apply this code below to ensure that no link when typed into the browser from any of my web page files will show unless the user login session is signed in as true(code below)
<%
If Session("BlnLoggedIn") <> True Then
Response.Redirect("login.asp")
End If
%>

I have tried to place this code at the top most of my html page but it doesnt seem to work instead the code appears on the html page browser when you view it...am i applying the correct code ?or am i not putting it at the right place on my html pages... i want to block users from viewing all my html pages unless the user login session is true according to my code..This would mean that if they are not logged in they would be redirected to the login.asp page...how do i go abt it??

asp.net

5 Contributors
5 Replies
259 Views
2 Days Discussion Span
Latest Post 16 Years Ago Latest Post by ManicCW

SheSaidImaPregy 28 Veteran Poster

16 Years Ago

it must be an aspx page, not html. Otherwise it will never be read.

However, if you are hitting a problem, you should set your BlnLoggedIn to "True" and not just True. Session Variables aren't really used as booleans so set it to a static text. you can even do just "0" and "1" for sake of your server's memory capabilities and to save memory as well.

SheSaidImaPregy 28 Veteran Poster

16 Years Ago

You also need to place it within a page rendering tag, like "Page_Init".

Sub Page_Init(ByVal S As Object, ByVal E As EventArgs)
  If Not Session("BlnLoggedIn") = "1" Then Response.Redirect("login.aspx")
End Sub

However, if you are using Classic ASP, you are in the wrong forum, but your code should work. Try setting your "True" value as a string instead of a boolean.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

ericstenson 5 Posting Whiz in Training Team Colleague · Answer 1 · 2008-02-03T12:57:46+00:00

my favorite approach is to pass the user's identity # after log-in.

on log-in page
context.items.add("UID", useridfromdb)

where useridfromdb is the identity vale from the database

then, on the page_load for each page i get the user's record #

on pageload event:

dim uid as string
uid = context.items("UID")

if uid = "" then
server.transfer("~/notauthorized.aspx")
end if

that sits at the top. it is also a good idea to make sure it is not a postback when checking.

does this make sense?

a496761 0 Junior Poster in Training · Answer 2 · 2008-02-04T20:27:35+00:00

Are you using asp.net? If so, you may want to check out forms authentication. This way you won't have to put code on every page. The link below gives a pretty good overview. Good luck!

http://www.4guysfromrolla.com/webtech/110701-1.shtml

Jake

ManicCW 3 Junior Poster in Training · Answer 3 · 2008-02-05T13:37:15+00:00

I agree. Use form authentication.
You can protect your site with simple two line code in web.config file.