FormsAuthentication Question

[AppzDev]

I have a question regarding formsauthentication and page authentication in general.

I am capturing 3 session variables once a user successfully logs into the application. On various pages throughout the application i use these variables. On *all* the pages, if the session("username") is not valued i redirect them back to the login page, for all the pages. However, i have to make sure i add code on every pages Page_Load to test for this session.

My question is this, is there an easier, more secure way of doing this? Can i use say the web.config to test for these variables and redirect if the session has been terminated?

Any advice/help is appreciated.

isdc.

 

[Veep]

Use the Application_AuthenticateRequest event in Global.asax. Some good examples of how to do it are the Time Tracker or Issue Tracker starter kits. Download one (or both) and look at the code. It's pretty self explanitory.

http://www.asp.net/downloads/default.aspx?tabindex=5

 

[AppzDev]

I started to explore using the global.asax file but never really found anything concrete that fully showed what i wanted to do. I'll have a look at those examples.

Thank You for the tip.

 

[Veep]

Good luck. If you have any questions regarding implementation just post them back here.