What is the best way to restrict access to pages

[mit99mh]

I am creating a web application - access is via login and the username and password validated against sql server db. What I want to know is how to "protect" pages being directly accessed - in php and asp I normally create a session variable eg isLoggedIn in the login script and set it to true and include a single line in each php / asp page in the application- that redirects user to the login page if they try to access a page without logging in first. Is this a reasonable way to proceed with .NET or is there something better?

Any help much appreciated.

 

[drew10]

With .net you now have more options. You can use the windows based authentication, the .net passport, or forms-based authentication(which is similar to the old session variable way, except you don't have to include any script on every page you want to protect). Check out some of these articles:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp

http://www.gotdotnet.com/team/student/wintellect/

http://www.dotnetbips.com/toc.aspx?technology=aspnetsecurity

hth,
drew

 

[mit99mh]

cheers Drew