How to secure the logged-in web pages from direct url access in ASP.NET

I AM DEVELOPING A WEBSITE.
THERE is a default page. default.aspx from which user logs in by forms authentication
 (NOT using built in Login controls of ASP.NET 2.0
Inner pages are  say userprofile.aspx, changepassword .aspx.

I  want when a user types www.mydomian.aspx/ userprofile.aspx    or    www.mydomian.aspx/ changepassword .aspx they should be redirected to login page i.e. www.mydomian.aspx/ default.aspx    for obvious security reasons.

Please tell me a well secured way to do this
Thanks
dhiraj79Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DhaestCommented:
protected void Page_Load(object sender, EventArgs e)
 {
        if (Session["Member_Id"] != null)
        {
            if (!Page.IsPostBack)
            {
            }
        }
        else
        {
            Response.Redirect("Register.aspx");
        }
 }
0
DhaestCommented:
If you are using forms authentication, you should use the below code in web.config file.

 <authorization>
<deny users="?"/>

<allow users="*"/>
</authorization>

Which will deny the anonymous users to enter and all all other users (authenticated).

In this case, automatically the request will be transfered to the login page you specified in the <forms> tag

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dhiraj79Author Commented:
Thanks Dhaest for reply.
I have still a problem after applying your solution.

I have to set of pages:
Pages which should not need authentication :
home.aspx, register.aspx and forgotpassword.aspx.
Pages which need authentication :
usertype1Home.aspx,usertype2Home.aspx, etc

by applying the above code register.aspx and forgotpassword.aspx are also not accessible wtihout authentication whose link are from home.aspx.
This should not happen.

Th C# code I am using for redirecting to usertype1Home.aspx,usertype2Home.aspx, etc
is(After checking credentials in database)
FormsAuthentication.RedirectFromLoginPage(username,false);
Response.redirect("usertype1Home.aspx);

Web.config code:
<Authentication mode "forms">
<forms  login url = "Home.aspx">
</Authentication >
<Authorization>
<deny users="?"/>

<allow users="*"/>

</Authorization>


The only problem is I want forgotpassword and Register pages to be accessible form home page without authentication.
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

grogo21Commented:
I usually place the pages that require authentication in a separate directory.  I then place another web.cofig file in that directory with the following:

<configuration>
      <system.web>
                 <authorization>
                          <deny users="?" />
                  </authorization>
       </system.web>
</configuration>

This will require authentication for only the page contained in the directory.
0
grogo21Commented:
Or, define each page which requires authentication in the web.config like so:

    <location path="MyPage.aspx">
        <system.web>
            <authorization>
                <deny users="?"/>
            </authorization>
        </system.web>
    </location>
    <location path="AnotherPage.aspx">
        <system.web>
            <authorization>
                <deny users="?"/>
            </authorization>
        </system.web>
    </location>
0
prairiedogCommented:
Alternative way is to add <location> element in your current web.config like the attached code snippet.

<location path="home.aspx">
	<system.web>
		<authorization>
			<allow users="?" />
		</authorization>
	
	</system.web>
  </location>
 
<location path="register.aspx">
	<system.web>
		<authorization>
			<allow users="?" />
		</authorization>
	
	</system.web>
  </location>

Open in new window

0
prairiedogCommented:
Bump, ignore my last post.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.