Check if user is logged in


4

I would like to know how to block access when the user is not logged in to the system. The only page that can be accessed should be the Login page, and when the user tries to access any other page, they should be redirected to the login page, forcing the user to log in to the system.

I saw that these permissions can be set in my web.config. Can someone help me?

4 answers

5

On the controllers where you want only authenticated access, put the [Authorize] attribute. This attribute checks whether the user is authenticated and, if not, redirects to the login path set in web.config. With this, your controller should look like this:

    using System.Web.Mvc;

    // Every action in this controller requires an authenticated user.
    [Authorize]
    public class InicioController : Controller
    {
        // ...
    }

It is also possible to check whether the user is authenticated using User.Identity.IsAuthenticated. With this you can, for example, serve different content to those who are not authenticated.

Just don’t forget that your login controller should not have the attribute [Authorize].

  • I put [Authorize] in the controllers, but I don’t know how to set this up on my web.config.

  • @Raphaelgumm When starting an ASP.NET MVC project with Individual User Accounts, this comes configured by default. Do you still need the specific snippet?

  • @Gypsy Heart Mendez Please, I’m still a little lost with this.
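An added example, not part of the answer above and not code from the asker's project: rather than decorating each controller, [Authorize] can be registered as a global filter so that everything requires login unless explicitly opened with [AllowAnonymous]. It assumes ASP.NET MVC 4 or later (where [AllowAnonymous] exists); the FilterConfig and AccountController names and the Index action are assumptions, InicioController is the controller name used in the answer.

```csharp
using System.Web.Mvc;

// Assumption: called once from Application_Start as
// FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters).
public static class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        // Deny by default: every action of every controller, including ones
        // added later, now requires an authenticated user.
        filters.Add(new AuthorizeAttribute());
    }
}

// Hypothetical login controller: the only place anonymous requests may reach.
[AllowAnonymous]
public class AccountController : Controller
{
    [HttpGet]
    public ActionResult Login(string returnUrl)
    {
        // Accept only return URLs that point back into this application, so
        // the login page cannot be abused as an open redirect.
        string target = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Action("Index", "Inicio");

        // A user who is already signed in has no use for the login form.
        if (User.Identity.IsAuthenticated)
        {
            return Redirect(target);
        }

        ViewBag.ReturnUrl = target;
        return View();
    }
}

// No [Authorize] needed: the global filter already covers this controller.
public class InicioController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}
```

With the filter registered, a new controller that is missing an attribute fails closed (redirect to the configured login path) instead of being served to anonymous users.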

5


Just complementing @Richarddias' reply, setting the Web.config varies from technology to technology.

ASP.NET Identity

    <configuration>
      ...
      <system.webServer>
        <modules>
          <remove name="FormsAuthentication" />
        </modules>
      ...
      </system.webServer>
      ...
    </configuration>

App_Start/Startup.Auth.cs

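    using System;
    using Microsoft.AspNet.Identity;
    using Microsoft.AspNet.Identity.Owin;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.Cookies;
    using Owin;

    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            // ...
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                // <-- Here: unauthenticated requests are redirected to this path
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    // Re-validates the cookie against the user's security stamp every 30 minutes
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                }
            });
            // ...
        }
    }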

ASP.NET Membership

    <configuration>
      ...
      <system.web>
        <compilation debug="true" targetFramework="4.5" />
        <httpRuntime targetFramework="4.5" />
        <!-- mode="Forms" is required for the forms loginUrl to take effect -->
        <authentication mode="Forms">
          <forms loginUrl="~/Account/Login" timeout="2880" />
        </authentication>
      ...
      </system.web>
    ...
    </configuration>

  • 1

    Great, I’ll implement it here in my code. Thanks @Gypsy.

0

Just add the line below in the Page_Load of the restricted access pages or in the Master Page if applicable.

    Response.AppendHeader("Refresh", String.Concat((Session.Timeout * 60),";URL=/Login.aspx"));

0

Raphael, just check the session variable: if there is a session with the validated ID, allow access; if not, redirect.

As we know, the best and safest way to transfer information between different Forms in ASP.NET is by using Session variables. In Session variables we can store any type of object, from robust Datasets to simple integers and/or Strings.

The only problem with these variables is that as we create new variables, our application becomes slower and requires more server resources. So it is advisable to remove the variables once we no longer need them.

Because Visual Studio IntelliSense does not identify the session variables that we declare, sometimes we forget to remove a certain variable. This can end up generating serious performance problems, and even execution errors in our application.

For this we will create a routine that will scan the collection of Session variables and show us the name of each one, and the value/type of each session variable declared in our application.

Add a new aspx form to your project called ver_session.aspx and, in the Load event of the page, add the following code:

Okay, now as we run our application, we can open a new tab/browser window and directly access the ver_session.aspx page of our application. In it we have the name and value of each Session Variable!

Taken from.
