• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 805
  • Last Modified:

Postback check

I need to check if a user is logged in or not on page postback. It the user not is logged in I need to do a redirect. So far, so good.

The only problem comes when the user logs in. This is a postback, so the user will not get logged in if I do this postback check. Grr...

I need to check if the user is logged in each time the page posts back because sometimes the user gets logged out and then he should not be able to "do stuff"...

Here is the simple code:

protected void Page_Load(object sender, EventArgs e)
{
    if (!Page.IsPostBack)
    {
        if (HttpContext.Current.User.Identity.Name != "")
        {
            // Bind info
        }
        else
        {
            // Do something else
        }
    }
    else
    {
        // Redirect user on postback if not logged in anymore
        if (HttpContext.Current.User.Identity.Name == "") Response.Redirect("/");
    }
}

Open in new window

0
webressurs
Asked:
webressurs
  • 3
  • 3
  • 2
1 Solution
 
CluskittCommented:
Use LoadComplete event instead to check for login status. That way, they will already be logged in at that time.
0
 
webressursAuthor Commented:
If i use LoadComplete the user is not redirected when he is logged out and page.postback occures...
0
 
CluskittCommented:
You can still redirect on LoadComplete. I've tested this on our site and works as expected. Just do whatever you have to do normally but remove the check (and only the check, not the login procedure) from Load. Move the Check to LoadComplete and it should work properly, redirecting if the user isn't logged on. If the user has just logged on, by the time the page reaches the LoadComplete event, he already has credentials loaded.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Roopesh ReddyCommented:
Hi,

Feasible solution will be -

1. Once the user is logged in, create a session variable with a flag  and update the flag with some status.
2. Now on every post back, you can check this session variable, if fails you can redirect him to login page.
3. Once user logs out, you can update this session variable, so that if users performs any action, it will be redirected to the login page!

Hope it helps u...
0
 
webressursAuthor Commented:
Here is the scenario:

If a user is logged in and clicks the logout button the user is redirected to the index page. But, if the user click "Back" in the browser he can still access the page that requires login. Then, if the user try to save some information this information is saved on a blank user ("").

If I add this code, information is still saved with user = "" like the example above:

protected void Page_LoadComplete(object sender, EventArgs e)
{
    if (HttpContext.Current.User.Identity.Name == "") Response.Redirect("/");
}

Open in new window

0
 
webressursAuthor Commented:
Is seems like I have to add a login-check on each method that saves data? I hoped there was possible to do this once for the entire page...
0
 
CluskittCommented:
Why don't you use User.Identity.IsAuthenticated instead? It's much better than relying on Name. Anyway, you can simply add a check before doing inserts/selects/updates/deletes:
if (User.Identity.IsAuthenticated)
{
//Do my code
}
else
{
//redirect to login, or similar
}

Instead of relying on page load, just add this to button click event, textchanged, etc..., wherever you need a sensitive operation on the DB that requires logon.

I, personally, use a check on page load, but logon redirection, in our site, has been defined to always go to the same page. Basically, if the user isn't authenticated at page load, I redirect to the login page. Once the user logs in, he doesn't get redirected back, but rather is redirected to a default page.
0
 
Roopesh ReddyCommented:
Hi,

Check the solution in this thread!

http://www.codeproject.com/Questions/373060/How-to-restrict-web-page-access-after-logout

Hope it helps u...
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now