How to block user directly access *.aspx file in virtuedirectory

[theresatan]

Hi,All

I have a secret.aspx page located in virtue directory and I want user access this page by login, then login page will redirect user to this secret.aspx page. I don't want them directly access this page.

I took off the "Read" property from this file located on virtue directory, but I still can access this page by type fillowing in IE5.5:
"

http://localhost/secret/secret.aspx"

.

If I put secret.htm on same virtue directory and took off the "Read" property from that file located on virtue directory, I got "The page cannot be displayed" message by type following in IE5.5.
"

http://localhost/secret/secret.htm"

How to make .aspx file have the same effect with .htm file.

I appreciate your imput.

Theresa

 

[jfrost10]

Hey Theresa,

One way to do it would be to create a boolean value in a session set to True if the user is logged in, false if not. Then on your "secret" page, in the page load have code that will check this session and see if its 'True'. If not, redirect to some other page. Else, let them see it.

If someone tries to access the page directly, unless the session variable has been created on the server and is True, the code should catch that it isn't 'True' and redirect as well.

We came up with a similar scheme for security in the web portal we've been building for our client, and it works pretty well.

Jack

 

[theresatan]

Jack:

It works.

Thank you very much.

Theresa

 

[jfrost10]

no problem.


Jack