I would like to know how to block access when the user is not logged into the system, however, the only page that can be accessed is the Login page and when it tries to access any other page it redirects to the login page, user to log on to the system.
I saw that these permissions can be made on my web.config , can anyone help me?
Just by complementing @RichardDias' response, the Web.config setting varies from technology to technology.
<configuration>
...
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
</modules>
...
</system.webServer>
...
</configuration>
App_Start/Startup.Auth.cs public void ConfigureAuth(IAppBuilder app)
{
...
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"), // <-- Aqui
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
...
}
}
<configuration>
...
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication>
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
...
</system.web>
...
</configuration>
In the controllers that you want only authenticated access, set the [Authorize] attribute. This attribute checks to see if the user is authenticated and has not redirected to the login path entered in web.config . Doing so your controller should look like this:
[Authorize]
public class InicioController : Controller
{
...
}
You can also verify that the user is authenticated using User.Identity.IsAuthenticated . Using this you can serve content for those who are not differentiated in a differentiated way for example.
Just remember that your login controller should not have the [Authorize] attribute.
Just add the line below in the Page_Load of the restricted access pages or the Master Page if applicable.
Response.AppendHeader("Refresh", String.Concat((Session.Timeout * 60),";URL=/Login.aspx"));
Raphael just check the section variable, if there is any session with the valid ID, it allows access when it does not redirect.
As we know the best and safest way to transfer information between different forms in ASP.NET is using Session variables. In Session variables we can store any type of object, from robust DataSets to simple integers and / or strings.
The only problem with these variables is that as we are creating new variables, our application is getting slower and requiring more server resources. It is therefore advisable to remove the variables as we no longer need them.
Because Visual Studio's Intelissense does not identify the session variables we declare, we sometimes forget to remove a particular variable, which can lead to serious performance problems, and even generate execution errors in our application.
For this we will create a routine that will scan the collection of Session variables and show us the name of each, and the value / type of each session variable declared in our application.
To do this, add a new aspx form in your project called ver_session.aspx,
In the Load event of our page, add the following code:
Okay, now as we run our application, we can open a new tab / browser window and directly access the page ver_session.aspx, from our application. In it we have the name and value of each Session Variable!