Checking IsAuthenticated for new ASP.NET session

[Richard]

How can I check to see if a user has previously been authenticated with
FormsAuthentication on a page that is defined as viewable by everyone
in web.config?

For example, index.aspx and login.aspx allows everyone to see it via
web.config entries:
<authorization>
<allow users="*" />
</authorization>

Then, when someone logs in I use forms authentication, and the user has
the opportunity to keep the cookie/ticket persistent:
FormsAuthentication.RedirectFromLoginPage(username, True)

When the user closes out the session and returns to the website later,
I would like to check if they had been previously authenticated using
the index.aspx and login.aspx pages. Initially on those pages,
Request.IsAuthenticated returns False, but if the user enters a
restricted page, they are allowed to enter and Request.IsAuthenticated
returns True from then on.

Is this possible? Do I need to get into the cookie? If so, how?
Thanks in advanced.

 

[Chris Rolon]

In order to force authentication to occure you will have to disable the
anonymous user. The framework will verify that the user has been
authenticated and if not will redirect the user to the defined login page.

Here is a good sample:
http://samples.gotdotnet.com/quicks...px?url=/quickstart/aspplus/doc/formsauth.aspx

Chris Rolon

 

[Richard]

I already have formsauthentication set up. Read my original post over
again...my issue is that I do not want to redirect a user to the login
page if they go to my index.aspx page. However, on my index.aspx page I
would like to grab user specific information IF they have a persistant
cookie.

With formsauthentication, I am stuck with 2 options that do not work
for my site:
1) force authentication by denying authorization to index.aspx for all
users. Thus, making login.aspx my new default page for new users.

2) allow authorization for all to see index.aspx, but will not be able
to tell if they are persistantly authorized (cookie). Thus, no "hello
'siteUser', you are currently logged in", and no menu specific changes
on the site.


To be more specific, lets say you are an admin user and this is your
first time to the site. When you come to my site without ever having
logged in, you see 4 javascript menus on the home page, just as any
other visitor would. Once you log in as admin, you are redirected to
the home page, but all the pages now have 5 javascript menus. Keep in
mind, chkPersistantCookie.Checked = true during the login process.

Now, the session is completely closed...no more browser windows.

What happens on next visit:
User as admin goes to the home page and sees 4 menus, even though the
cookie is persistant and they have already been authorized. If the user
goes to a protected page, from there on there are 5 menus again. So,
the user doesn't think he is initially logged in and typically goes to
the login page without needing to (even though it doesn't look it, but
the user is authorized).

What needs to happen on next visit:
User as admin goes to the home page and sees the 5th menu. Now the user
knows he is logged in and can navigate to the pages under the 5th menu.