Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 237
  • Last Modified:

authenticating and postback

We are using role base authentication. What I was wondering is should the User.IsInRole be checked each time the page is hit or only the first time: ie


private void Page_Load(object sender, System.EventArgs e)
{
if (!Page.IsPostBack)
{
if (User.IsInRole("Admin")
{
do something
}
else
Redirect.Response("login.aspx")
}

OR
private void Page_Load(object sender, System.EventArgs e)
{

if (User.IsInRole("Admin")
{

if (!Page.IsPostBack)
{

DO SOMETHING

}

}
else
Redirect.Response("login.aspx")



Is there a security issue with the first one?
                        
      
0
dotnet22
Asked:
dotnet22
1 Solution
 
raterusCommented:
How about neither? :-)

Check the <authorization> section in Web.Config, you can set up "role access" to folders/pages, and not have to do any checks like this!

example:
            <authorization>
                  <allow roles="Admin" />
                  <deny users="*" />
            </authorization>
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now