Check if the user is on an unauthorized page

Question

Check if the user is on an unauthorized page

I have a few lines in my web.config file that look like this:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>

  <location path="Error.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

I control the login methods myself. Let's assume that the user is not logged in and went to the abc.aspx page. The Abc.aspx page is not allowed to be viewed without logging in as shown in the web.config above, only default.aspx and error.aspx are allowed. How can I check dynamically if the page I am currently on is valid web.config? I could hard code it, but I want to make sure it's doable. So all I have to do is change the web.config not my code every time I want to add a page to the exception list.

+3

c # asp.net web-config

Lukas 05 Feb 13 at 21:34

source to share

2 answers

rs. · Answer 1 · 2013-02-07T16:49:23+0000

Add this to your webconfig after the authentcation tag. This will provide access to the page for unauthorized users, other tags you added should allow anonymous access to the pages you specified.

<authorization>
  <deny users="?"/>
</authorization>

Eamon · Answer 2 · 2013-02-07T16:43:25+0000

On each page, you can add:

    protected void Page_Load(object sender, EventArgs e)
    {
            if (!Request.IsAuthenticated)
            {
                Response.Redirect("~/Account/Login.aspx");
            }

    }

Check if the user is on an unauthorized page

More articles: