i have a question about security of pages

Discussion in 'ASP .Net' started by miladhatam@gmail.com, Feb 5, 2007.

  1. Guest

    what is the best security way to access a private page
    i use session
    for example
    if (Session.Contents["us"].ToString() != "admin")
    {
    Response.Redirect("default.aspx");

    }
    but i know it is not safe
    can you help me ?
     
    , Feb 5, 2007
    #1
    1. Advertising

  2. Forms authentication works nicely and is definitely a step above using
    session variables. If you're using ASP.Net 2.0, you can use the built-in
    membership system in combination with Forms authentication (in 1.x you would
    have to write your own routine to validate user credentials). You can then
    have a web.config for the protected sub-directory that essentially says to
    deny all users who don't have an authentication ticket and then forms
    authentication will automatically redirect them to a place to login (which
    can be the default page if you just want to hide the admin login page).


    --

    Hope this helps,
    Mark Fitzpatrick
    Former Microsoft FrontPage MVP 199?-2006

    <> wrote in message
    news:...
    > what is the best security way to access a private page
    > i use session
    > for example
    > if (Session.Contents["us"].ToString() != "admin")
    > {
    > Response.Redirect("default.aspx");
    >
    > }
    > but i know it is not safe
    > can you help me ?
    >
     
    Mark Fitzpatrick, Feb 5, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page