Posted on 2008-10-20
I have some webpages I only want certain users to view.
Currently when people login they get directed to webpages they can visit but I have persistent cookies set. So someone can can be still logged in and type the desired webapge on the address bar and bypass security so they can access restricted webpages.
this only checks if user has been logged in but not what user,
can i check Page.User.Identity.Name? but this means checking again the user against a database.
i log in using
sqlStmt = "Select 1 from login where su=1 and login='" + txtLog.Text + "' and password='" + sHashedPassword + "'"
If Not Request.IsAuthenticated Then