authenticating and postback

We are using role base authentication. What I was wondering is should the User.IsInRole be checked each time the page is hit or only the first time: ie


private void Page_Load(object sender, System.EventArgs e)
{
if (!Page.IsPostBack)
{
if (User.IsInRole("Admin")
{
do something
}
else
Redirect.Response("login.aspx")
}

OR
private void Page_Load(object sender, System.EventArgs e)
{

if (User.IsInRole("Admin")
{

if (!Page.IsPostBack)
{

DO SOMETHING

}

}
else
Redirect.Response("login.aspx")



Is there a security issue with the first one?
                        
      
dotnet22Asked:
Who is Participating?
 
raterusCommented:
How about neither? :-)

Check the <authorization> section in Web.Config, you can set up "role access" to folders/pages, and not have to do any checks like this!

example:
            <authorization>
                  <allow roles="Admin" />
                  <deny users="*" />
            </authorization>
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.