I am trying to prevent unauthorized access to pages on my VB.Net website. I have set up users manually and I am using Sessions to store the information about the User. I am not using the built in login and authentication features due to other reasons.
The code I am trying to run on Page Load is ..
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Session("Role") = "Admin" Then
So if the Session("Role") is "Admin" then it will do nothing and allow the user access to the page, but for all other users it will send them back to the homepage.
This however doesnt work, you always get sent back to the default.aspx page, regardless of whether Session("Role") = Admin or not, as I have checked by using a MsgBox(Session("Role")), which returns "Admin".
Im thinking im using the wrong event, should I use something instead of Load?