Where to place authentication in ASP.NET
I have some code used to detect if a user is logged in and I want to put it on every page in an ASP.NET website so that only registered users can view it. The problem is that the site is split into multiple projects / solutions, so keeping one piece of code can be difficult.
I thought I could create a class that inherits System.Web.UI.Page
and overrides Page_Init
, but that would require changing all the pages to inherit the new class. Also I don't think this will work across projects.
So, I thought about approaching the problem from the other side: using AOP. I've never used Aspects before, but it looks like I could use PostSharp to write Aspect that injects code before each Page_Init
(or perhaps Page_Load
?). This might work as a quick fix, but I may run into problems if I need a page to not authenticate (accessible to everyone).
To clarify, I already have a login solution; I am just looking for a check that the login is on every page.
source to share
Take a look at HttpModules. The asp.net framework is already programmed so that the module works on every page request, you just need to write it and add it to web.config.
http://msdn.microsoft.com/en-us/library/zec9k340(v=vs.71).aspx
EDIT: Here's a better link demonstrating handling the BeginRequest event http://msdn.microsoft.com/en-us/library/ms227673(v=vs.85).aspx
source to share
As @jrummell mentioned MembershipProvider
, which is a great option, but if you are building your own login solution, a href = "http://support.microsoft.com/kb/301240" rel = "nofollow"> link that has a pretty simple step-by-step login procedure
source to share
Since you seem to be working with your login solution, create a class that overrides page_init sounds as your best option. This can work in other projects by simply creating this class in a separate project that you can include in your other solution. To be honest, this is the easiest way to cover logic across multiple projects. It will also be easy to maintain, because you only need to update one location in the future.
If you are using MasterPages, you will not need to hit all pages, you can just enable it on specific MasterPages and set all pages you want authentication to use that MasterPage on.
source to share
Windows Identity Foundation can fix this problem for you. See http://msdn.microsoft.com/en-us/security/aa570351 for details . There is no need to reinvent the wheel. If you only had one web application, form authentication would be sufficient.
source to share