i have a question about security of pages

Discussion in 'ASP .Net' started by miladhatam@gmail.com, Feb 5, 2007.

  1. Guest

    what is the best security way to access a private page
    i use session
    for example
    if (Session.Contents["us"].ToString() != "admin")
    {
    Response.Redirect("default.aspx");

    }
    but i know it is not safe
    can you help me ?
     
    , Feb 5, 2007
    #1
    1. Advertisements

  2. Forms authentication works nicely and is definitely a step above using
    session variables. If you're using ASP.Net 2.0, you can use the built-in
    membership system in combination with Forms authentication (in 1.x you would
    have to write your own routine to validate user credentials). You can then
    have a web.config for the protected sub-directory that essentially says to
    deny all users who don't have an authentication ticket and then forms
    authentication will automatically redirect them to a place to login (which
    can be the default page if you just want to hide the admin login page).


    --

    Hope this helps,
    Mark Fitzpatrick
    Former Microsoft FrontPage MVP 199?-2006

    <> wrote in message
    news:...
    > what is the best security way to access a private page
    > i use session
    > for example
    > if (Session.Contents["us"].ToString() != "admin")
    > {
    > Response.Redirect("default.aspx");
    >
    > }
    > but i know it is not safe
    > can you help me ?
    >
     
    Mark Fitzpatrick, Feb 5, 2007
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,766
    Tommy
    Feb 13, 2004
  2. Aaron
    Replies:
    1
    Views:
    531
    John C. Bollinger
    Aug 4, 2003
  3. Marco
    Replies:
    1
    Views:
    2,662
    Roedy Green
    Jan 28, 2006
  4. dolphin
    Replies:
    3
    Views:
    482
    rossum
    Mar 9, 2007
  5. Akram Baig
    Replies:
    0
    Views:
    506
    Akram Baig
    Apr 7, 2011
  6. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    330
    Dinis Cruz
    Oct 11, 2003
  7. Michael Randrup
    Replies:
    3
    Views:
    512
    Henning Krause [MVP]
    Mar 27, 2006
  8. Leyla
    Replies:
    2
    Views:
    1,037
    Leyla
    Aug 17, 2006
Loading...