Authentication for Web App


ivanjay205
07-05-2010, 06:22 PM
Hi all,

I am a bit of a newbie so hopefully someone can guide me....

I want to create an authentication page for my internal web application (kind of an employee toolkit on an intranet).

I am planning on using an Access db to hold user names, passwords, along with all of the data my app will need.

For a login page, I can ensure the user name and password match a user on the db, no problem. How do I protect the pages to ensure they cannot be accessed directly? My initial thought was to create a field in the db for authentication but:

1. That is a lot of hits to the db to check authentication, every page load.
2. I need a way of ensuring it is set back to false when they exit the page and I do not know how to do that.

Any help is appreciated!

Thanks

-Ivan

yamaharuss
07-06-2010, 07:46 AM
You just set a session state when someone validates their login.

'logon.asp
If uservalidates then Session("LoggedOn") = True


Now, on all your protected pages you check to see if the session state is true or false. If it is not true then send them back to logon.

' protectedpage.asp
If not Session("LoggedOn") then response.redirect("logon.asp")

ivanjay205
07-06-2010, 03:29 PM
Thanks, that was too easy!

ivanjay205
07-06-2010, 03:57 PM
Okay, so it wasn't so easy.

This is my code in the button click event:

Protected Sub LoginButton_Click(ByVal sender As Object, ByVal e As EventArgs) Handles LoginButton.Click
    Dim objEmployee As New Employee(UserNameTextBox.Text, PasswordTextBox.Text)
    Dim successfulLogin As Boolean = False

    'Attempt to login and determine if successful.
    successfulLogin = objEmployee.Login()

    If successfulLogin = True Then
        Session("LoggedOn") = True
    Else
        Session("LoggedOn") = False
        MsgBox("Login failed. Please try again.", MsgBoxStyle.Exclamation, "Login Failed to Elite Toolkit")
    End If
End Sub

When I go into the site and try to login, it just returns me to the login page. It seems I am never authenticating. I placed a debug marker in this section of code and the app never breaks to let me see the variables in this portion of code. I am wondering if it is even running.

I am new to ASP.NET; my background is with VB (intermediate at best).

yamaharuss
07-06-2010, 04:03 PM
You should post this in the .NET forum.

But be sure you aren't validating a user on the logon page. If you have to be logged on to log on, then you will never log on... lol

ivanjay205
07-06-2010, 04:08 PM
No, I am not checking for validation on the login page. It redirects the user to default.aspx, which has a master page. The code for checking validation is in the master page. It redirects the user back if the login fails.

yamaharuss
07-06-2010, 04:10 PM
Are you verifying that successfulLogin = True?


After
successfulLogin = objEmployee.Login()

place this
Response.Write("login = " & successfulLogin)
Response.End()

ivanjay205
07-06-2010, 05:06 PM
I placed that code in and do not see anything. But I am wondering if the post back is redirecting to default.aspx too fast for me to see it.

yamaharuss
07-06-2010, 05:18 PM
If you don't see the code then your query is not being hit.

ivanjay205
07-06-2010, 05:48 PM
I figured it out. As is the case most of the time, dumb user mistake.

I used an or instead of an and in my if statement to check something earlier and it was skipping everything.
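
The session check discussed in this thread, written out for ASP.NET Web Forms in VB as an added example that is not code from any of the posts above. ProtectedPage, SessionAuth, logon.aspx and the "UserName" session key are hypothetical names; Session("LoggedOn") and default.aspx are the ones used in the thread.

```vbnet
' Added example (not from the thread). Assumes ASP.NET Web Forms; ProtectedPage,
' SessionAuth, logon.aspx and the "UserName" key are hypothetical names.
Imports System
Imports System.Web
Imports System.Web.UI

' Protected pages inherit from this class instead of System.Web.UI.Page,
' so the check runs in Init, before any of the page's own Load code.
Public Class ProtectedPage
    Inherits Page

    Protected Overrides Sub OnInit(ByVal e As EventArgs)
        If Not SessionAuth.IsLoggedOn(Context) Then
            ' endResponse:=True stops the request here; nothing from the
            ' protected page is rendered after the redirect.
            Response.Redirect("logon.aspx", True)
        End If
        ' Authenticated pages should not be replayed from the browser cache.
        Response.Cache.SetCacheability(HttpCacheability.NoCache)
        MyBase.OnInit(e)
    End Sub
End Class

Public NotInheritable Class SessionAuth
    ' A missing key (new or expired session) is Nothing, which counts as logged off.
    ' No database hit is needed: the flag lives in server-side session state.
    Public Shared Function IsLoggedOn(ByVal ctx As HttpContext) As Boolean
        If ctx Is Nothing OrElse ctx.Session Is Nothing Then Return False
        Dim flag As Object = ctx.Session("LoggedOn")
        Return TypeOf flag Is Boolean AndAlso CBool(flag)
    End Function

    ' Call from the login button handler once the credentials are verified.
    Public Shared Sub SignIn(ByVal ctx As HttpContext, ByVal userName As String)
        ctx.Session.Clear()                 ' drop anything stored before login
        ctx.Session("LoggedOn") = True
        ctx.Session("UserName") = userName
        ctx.Response.Redirect("default.aspx", True)
    End Sub

    ' Call from a "Log off" link; closing the browser instead leaves the
    ' session to expire at the configured session timeout.
    Public Shared Sub SignOut(ByVal ctx As HttpContext)
        ctx.Session.Clear()
        ctx.Session.Abandon()
        ctx.Response.Redirect("logon.aspx", True)
    End Sub
End Class
```

A check placed in a master page's Load handler runs after the content page's Load handler, so page code has already executed by the time the redirect happens; checking in the page's Init avoids that.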