Well John, with my understanding, you can use a session object to track the
user's authenticity in several pages.
on the page, user enters his credentials, set his session variable if he is
authenticated, like
Session["user"]='someValue';
Then on the page, where you need to check if the user is authenticated or
not, check the session variable you set, may be in the Page_Load() event, like
if(Session["user"]=='someValue')
{
// do whatever
}
in that way, the user wouldnt be able to anything on the page, if he doesnt
have that session variable. If he is nnot authenticated, Session["user"]
shouldnt contain any value, since you set it after the user is authenticated.
HTH
Let me knowif you have anymore questions
:
Hi
Thanks. Gives a good idea of what asp.net presents in terms of
security. My
problem is much simpler. Basically it is a staff application form and we
want potential staff to call office first and get the code so we can
vet
them. Nothing security critical by a long shot just to keep unqualified
people from sending in applications and wasting our time. Any possibility of
being able to do this simple user authentication? There are several forms
that need it. There is one form that handles input and verification of the
code.
Thanks
Regards
John wrote:
Hi
I have several web forms that require users verification by
entering
a code before they are allowed in. I have created a separate web form
for entering and verifying user code. How do I incorporate this
with
web forms that require security? I am very new to this and would
appreciation some clarification on how this sort of thing works in
asp.net.
There are several tutorials around, such as this one:
http://www.dotnetjunkies.com/quickstart/aspplus/doc/securityoverview.aspx
The standard way is to put all protected aspx files in a separate
folder, and protect the folder through web.config.
ASP.NET will do most of the work then.