I get acquainted with ASP.NET webforms, the question is whether I did it correctly if the session is inactive and when I try to go to some page without authorization on all pages I have

if (Session["ID_USER"] == null) { Response.Redirect("index.aspx"); }

Redirect to login page.

  • Possible options. 1. In the same user there is a Page.User.Identity.IsAuthenticated property (in one of the projects, Forms authorization). 2. You can configure it via web.config (I have it configured this way). And your version is similar to the "manual" - nick_n_a
  • session and authentication are two completely different things in asp.net. session is the current browser session, it has nothing to do with login and authorization. you need exactly authentication. Look msdn.microsoft.com/ru-ru/library/7t6b43z4.aspx and further under links. - PashaPash
  • It seemed to me by ID_USER that you are trying to do a "manual" authorization. Often, authorization is tied to a session (if a session is lost, authorization disappears), but not always. - nick_n_a

1 answer 1

Option 1. The easiest way is to configure web.config like this:

 <configuration> <system.web> <authentication mode="Forms"> <forms loginUrl="login.aspx" defaultUrl="default.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" domain="" enableCrossAppRedirects="false"> </forms> </authentication>

And then do not need to do a bunch of checks.

Option 2. Check the Page.User.Identity.IsAuthenticated property

Perhaps there are other options for testing, brought something that is simpler.

  • I did as you wrote in version 1, the login and default page for me is the same page. I did this: <authentication mode = "Forms"> <forms loginUrl = "~ / index.aspx" timeout = "30" defaultUrl = "index.aspx" protection = "All" path = "/ requireSSL =" false "slidingExpiration = "true" cookieless = "UseDeviceProfile" domain = "" enableCrossAppRedirects = "false" /> </ authentication>. When you try to go to other pages without authorization, everything is ok, that is, it does not plow. - Winteriscoming
  • @Winteriscoming Add configuration for <authorization><deny users="?" /></authorization> <authorization><deny users="?" /></authorization> . - nick_n_a