Verifying users

J

John

Hi

I have several web forms that require users verification by entering a code
before they are allowed in. I have created a separate web form for entering
and verifying user code. How do I incorporate this with web forms that
require security? I am very new to this and would appreciation some
clarification on how this sort of thing works in asp.net.

Thanks

Regards
 
J

Jos

John said:
Hi

I have several web forms that require users verification by entering
a code before they are allowed in. I have created a separate web form
for entering and verifying user code. How do I incorporate this with
web forms that require security? I am very new to this and would
appreciation some clarification on how this sort of thing works in
asp.net.

There are several tutorials around, such as this one:
http://www.dotnetjunkies.com/quickstart/aspplus/doc/securityoverview.aspx

The standard way is to put all protected aspx files in a separate
folder, and protect the folder through web.config.

ASP.NET will do most of the work then.
 
J

John

Hi

Thanks. Gives a good idea of what asp.net presents in terms of security. My
problem is much simpler. Basically it is a staff application form and we
want potential staff to call office first and get the code so we can vet
them. Nothing security critical by a long shot just to keep unqualified
people from sending in applications and wasting our time. Any possibility of
being able to do this simple user authentication? There are several forms
that need it. There is one form that handles input and verification of the
code.

Thanks

Regards
 
G

Guest

Well John, with my understanding, you can use a session object to track the
user's authenticity in several pages.
on the page, user enters his credentials, set his session variable if he is
authenticated, like
Session["user"]='someValue';

Then on the page, where you need to check if the user is authenticated or
not, check the session variable you set, may be in the Page_Load() event, like

if(Session["user"]=='someValue')
{
// do whatever
}

in that way, the user wouldnt be able to anything on the page, if he doesnt
have that session variable. If he is nnot authenticated, Session["user"]
shouldnt contain any value, since you set it after the user is authenticated.
HTH
Let me knowif you have anymore questions
 
J

John

What statement do I use to redirect to login page if session page is not
set? As you can see I am very new at this.

Thanks

Regards


KumarReddu said:
Well John, with my understanding, you can use a session object to track the
user's authenticity in several pages.
on the page, user enters his credentials, set his session variable if he is
authenticated, like
Session["user"]='someValue';

Then on the page, where you need to check if the user is authenticated or
not, check the session variable you set, may be in the Page_Load() event, like

if(Session["user"]=='someValue')
{
// do whatever
}

in that way, the user wouldnt be able to anything on the page, if he doesnt
have that session variable. If he is nnot authenticated, Session["user"]
shouldnt contain any value, since you set it after the user is authenticated.
HTH
Let me knowif you have anymore questions



John said:
Hi

Thanks. Gives a good idea of what asp.net presents in terms of security. My
problem is much simpler. Basically it is a staff application form and we
want potential staff to call office first and get the code so we can vet
them. Nothing security critical by a long shot just to keep unqualified
people from sending in applications and wasting our time. Any possibility of
being able to do this simple user authentication? There are several forms
that need it. There is one form that handles input and verification of the
code.

Thanks

Regards
 
G

Greg Burns

You should not be trying to reinvent the wheel. Use forms authentication.
It will take care of all the dirty work for you.

http://www.dotnetjunkies.com/quickstart/aspplus/doc/formsauth.aspx

There are plenty of examples out there.

Greg


John said:
What statement do I use to redirect to login page if session page is not
set? As you can see I am very new at this.

Thanks

Regards


KumarReddu said:
Well John, with my understanding, you can use a session object to track the
user's authenticity in several pages.
on the page, user enters his credentials, set his session variable if he is
authenticated, like
Session["user"]='someValue';

Then on the page, where you need to check if the user is authenticated or
not, check the session variable you set, may be in the Page_Load() event, like

if(Session["user"]=='someValue')
{
// do whatever
}

in that way, the user wouldnt be able to anything on the page, if he doesnt
have that session variable. If he is nnot authenticated, Session["user"]
shouldnt contain any value, since you set it after the user is authenticated.
HTH
Let me knowif you have anymore questions



John said:
Hi

Thanks. Gives a good idea of what asp.net presents in terms of
security. My
problem is much simpler. Basically it is a staff application form and we
want potential staff to call office first and get the code so we can
vet
them. Nothing security critical by a long shot just to keep unqualified
people from sending in applications and wasting our time. Any possibility of
being able to do this simple user authentication? There are several forms
that need it. There is one form that handles input and verification of the
code.

Thanks

Regards


John wrote:
Hi

I have several web forms that require users verification by
entering
a code before they are allowed in. I have created a separate web form
for entering and verifying user code. How do I incorporate this
with
web forms that require security? I am very new to this and would
appreciation some clarification on how this sort of thing works in
asp.net.

There are several tutorials around, such as this one:
http://www.dotnetjunkies.com/quickstart/aspplus/doc/securityoverview.aspx

The standard way is to put all protected aspx files in a separate
folder, and protect the folder through web.config.

ASP.NET will do most of the work then.
 
G

Guest

Well i guess Forms Auth could solve ur problem!
GDLUCK

Greg Burns said:
You should not be trying to reinvent the wheel. Use forms authentication.
It will take care of all the dirty work for you.

http://www.dotnetjunkies.com/quickstart/aspplus/doc/formsauth.aspx

There are plenty of examples out there.

Greg


John said:
What statement do I use to redirect to login page if session page is not
set? As you can see I am very new at this.

Thanks

Regards


KumarReddu said:
Well John, with my understanding, you can use a session object to track the
user's authenticity in several pages.
on the page, user enters his credentials, set his session variable if he is
authenticated, like
Session["user"]='someValue';

Then on the page, where you need to check if the user is authenticated or
not, check the session variable you set, may be in the Page_Load() event, like

if(Session["user"]=='someValue')
{
// do whatever
}

in that way, the user wouldnt be able to anything on the page, if he doesnt
have that session variable. If he is nnot authenticated, Session["user"]
shouldnt contain any value, since you set it after the user is authenticated.
HTH
Let me knowif you have anymore questions



:

Hi

Thanks. Gives a good idea of what asp.net presents in terms of
security. My
problem is much simpler. Basically it is a staff application form and we
want potential staff to call office first and get the code so we can
vet
them. Nothing security critical by a long shot just to keep unqualified
people from sending in applications and wasting our time. Any possibility of
being able to do this simple user authentication? There are several forms
that need it. There is one form that handles input and verification of the
code.

Thanks

Regards


John wrote:
Hi

I have several web forms that require users verification by
entering
a code before they are allowed in. I have created a separate web form
for entering and verifying user code. How do I incorporate this
with
web forms that require security? I am very new to this and would
appreciation some clarification on how this sort of thing works in
asp.net.

There are several tutorials around, such as this one:
http://www.dotnetjunkies.com/quickstart/aspplus/doc/securityoverview.aspx

The standard way is to put all protected aspx files in a separate
folder, and protect the folder through web.config.

ASP.NET will do most of the work then.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top