hello there,
I am doing asp.net 2.0 . I'm doing conventional admin authentican throught database, if approved it'll be redirected to admin page. The question is how can I secure the admin page, make sure no one will just type the path and get in.

thank you


edit:I should've posted in .NET forum, could someone please move it there?

are you using the roles based Authentication?
If so you can add a section to your web config that will restrict access to that page unless you are in the admin role.

Other wise youll have to add some code into the page_load sub which checks to see if the user accessing the page is an admin. If not redirect to an page that displays a page access error or to the home page.

Im not sure how your tracking if the user is an admin or not but this is basically what you want to do

If User <> "Admin" Then
Response.redirect "Somepage.aspx"
End If

Depending on how the page is set up i might even set a viewstate variable so that you dont have to check on a postback as the viewstate variable will be populated.

Thanks for responding. I am not using roles. Basically in my AdminLogIn page

if (admin){
Session["user"] = admin
Responsde.redirect("AdminPanel.aspx")
}

I am not sure how can I use this session variable inside the Load_page () to make sure that this is the admin who is requesting the AdminPanel page.

thank you

I don't believe I couldn't figure it out the time I posted this question. It is ok now