Easy 500 - ASP.NET Closing Sessions

I'm currently working on a secure administration area for a website. The user will log in and their details are validated/authenticated by means of an Access database. A session is created. What would be the best way to stop people from directly accessing the secure pages behind the login?

What I'd like is to Response.Redirect the user back to login.aspx if no valid session etc. exists. Also, when the browser is closed I'd like the session/authentication to end... very similar to how the login part of Experts Exchange works.

Any help or advice appreciated!
Cloud9_User Asked:

SystemExpert Commented:
Hi,

You should use role-based authentication. See the following link:

http://www.codeproject.com/aspnet/rolesbasedauthentication.asp

Thanks
0

Cloud9_User (Author) Commented:
Just to add... I'm currently using the Application_beginRequest to check whether the user session is valid, but once logged in the sessions never seem to end.

0
DBAduck - Ben Miller, Principal Consultant, Commented:
When you use Forms authentication, then ASP.NET handles the redirects and protects the folder from access without logging in.

Then you can couple that with role based authentication and allow multiple users in a role to get to the pages, or whatever your requirement is.

Ben.
0
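
The Forms authentication setup described in the answer above, as an added example that is not part of the original thread. `login.aspx` comes from the question; the `admin` folder and the cookie name `.ADMINAUTH` are assumptions.

```xml
<?xml version="1.0"?>
<!-- Added example web.config; "admin" and ".ADMINAUTH" are assumed names. -->
<configuration>
  <system.web>
    <!-- With Forms authentication, ASP.NET itself redirects any request
         refused by an authorization rule to loginUrl, so the protected
         pages need no hand-written session check. -->
    <authentication mode="Forms">
      <!-- timeout is in minutes. With slidingExpiration the ticket lapses
           after 20 idle minutes. protection="All" encrypts and validates
           the ticket so it cannot be read or forged by the client. -->
      <forms loginUrl="login.aspx"
             name=".ADMINAUTH"
             timeout="20"
             slidingExpiration="true"
             protection="All" />
    </authentication>

    <!-- Public pages stay open to everyone. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Everything under admin/ requires a login. "?" means anonymous users. -->
  <location path="admin">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- In the login page, after the credentials have been validated, call
         FormsAuthentication.RedirectFromLoginPage(userName, false);
       The second argument (createPersistentCookie) set to false issues a
       session cookie, which the browser discards when it is closed.
       For an explicit logout link, call
         FormsAuthentication.SignOut();
         Session.Abandon();
       to clear the ticket and drop the server-side session state. -->
</configuration>
```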
GENTP Commented:
I'd just put a yes/no field in the database, and call it Admin. When you validate a user, make sure to find out if they are an admin or not, and set Session["admin"]=true.

Then in the onload event of the admin page, simply do:

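// Session["admin"] is null when nobody has logged in, so test for null before converting
if (Session["admin"] == null || !Convert.ToBoolean(Session["admin"]))
    Response.Redirect("nonadminpage.aspx");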
0
Cloud9_User (Author) Commented:
Handling the session isn't too much of a problem; getting the session to close is, though. I know it times out after a set period, i.e. 20 minutes by default, but I'd like to have it closed when the browser closes.

Does anyone know how the likes of Experts Exchange and Google's Gmail do it?
0
GENTP Commented:
Have you tried:
Session.Abandon();

Or maybe even having an unload event that does something like (but it creates the problem of having to know what page someone is leaving the site from, not a very good solution):
Session.Timeout=1;//timeouts must be greater than 0, so you won't be able to do that :P
0
Question has a verified solution.