In my ASP.NET web application and there is one function will consume a lot server resources.
When running this function, i would like to temporary disallowed user to access to certain page and redirect user to a alert page to inform them come back later.
When this function is completed, users will allowed to access all pages.
Is there any way i can do this?
In the page you do not won't to get user access simply write this line of code under page_Load
Response.Redirect("Thealertpage.aspx");
Then in your alert page place your message to the users and a button to redirect somewhere else in your website using the same line above but with a different page link. Alternatively, just remove the page and name the warning page as per the removed page.
I was also considering to suggest you to use a session variable to be set in your admin page by a check box but you would need to save the checkbox status in the db. Too over designed for something temporary like in your case.
Related
I am assigned with the task of performing authorization in asp.net webforms. So I need to check if user is allowed to visit the page. So started like I stored users privileges in Db and upon login I fetch privileges also.
What is now done is in every page load I check if the page name is in privilege list. then I come across terms like handlers,modules,global.asax which are targets where I could write all these tasks.
Is this the right approach?
What should I choose> Gloabasl.asax or handler or module
you can create a class inherits from page class, and add your method there. then make all your pages inherits from the new class
I wish to replicate similar functionality that ASP provides, that when a user is not authenticated, they are redirected to a specific page (the login page).
However, Instead of the login page, I wish to persistently send the user to a specific action on a controller until the user fills in a form to change their password for the first time when they ARE authenticated.
When they first log in, I am checking the following and redirecting them here accordingly:
if (user.HasChangedPassword())
{
// This user hasn't changed their password to something more secure, send them to the page to change it
return this.Redirect("Manage");
}
I would like to take this code out of my login code and have it checked site wide, so that the user is restricted to the single "Manage" action on my controller until they have set a secure password.
Please can you tell me where I could put this code so that it is effective site wide within my project?
The only thing I can think of is to check this in each of my controllers which seems very untidy.
Create an action filter and register it as a global filter.
ASP.NET MVC Action filters
Example of registering filter globally
I have a web application that uses Visual Basic 2008, C#, and the ASP.NET 3.5 Framework. It consists of five pages:
Index (Index.html)
About us (AboutUs.html)
Contact us (ContactUs.html)
User login (Login.aspx)
User home (UserHome.aspx)
All pages contain a menu to navigate to all other pages.
Is it possible to clear a session from an HTML page? If a user logs in, navigates to the Contact Us page, then logs out from that page, how can I clear session variables?
No, Sessions are server-side variables and can not be changed in the client-side.
Here are some tips:
Use masterpages
You can use HttpXmlRequest to clear the session
Redirect user to page (for example logout.aspx) and in its code
behind, in onLoad Method put this code:
Session["UserId"] = null; Response.Redirect("Index.html",true);
you may try to add code like
<% Session.Abandon() %>
in your HTML page.
This style called inline ASP .net Code.
Note that, inline code still works in all .Net version event in the classic one.
I want my anonymous user to be able to navigate throughout the website, but if he presses any button inside the site, he should be redirected to a login page. How do I achieve this?
Are there functions that I should use in the FormAuthentication class?
You can set authentication in files by some setting in in web.config like.
this will allow you to navigate all the pages.
Now for any event in page like button click or something else you can write a function in which you can check authentication and authorization of user by Membership provider
like
using System.Security.Authentication
Public void IsValidUser()
{
if(User.Identity.Name!=string.empty)
Response.Redirect("~login.aspx");
else
{
if(!User.Identity.IsAuthenticated)
Response.Redirect("~login.aspx");
}
}
Unfortunately, you need to write your own custom code for this (of course, you can use ASP.NET infrastructure). A general outline will be
Configure forms authentication so that all pages are marked as unsecured (i.e. anonymous access is allowed)
On click on any button, check if user is authenticated or not and if not then redirect to login page (using FormsAuthentication.RedirectToLoginPage method)
From better use experience, instead of doing post-back in #2, I will generate a java-script that will pop-up the login prompt (a modal dialog) if necessary and do the login via ajax call and then re-submit the form. Using library such as jquery, you can attach the necessary script-let to all submit buttons (or buttons marked with specific class) on the form.
I am developing an application using Asp.Net.My question is whether there is any solution to display a page only for the first time.i.e when the user logs in for the first time it should ask to change the password but when the user logs in after changing the password it should not display the changepassword page instead it should redirect to another page.I have used session variables to do this but after the session expires its again showing the change password page.Can anyone help me to solve this problem.
You should take a flag parameter in database as per user and set the flag on first login. If it is set then don't display the page.
Since the lifetime of the flag for showing this page is tied to the lifetime of the user entity, you have to keep it as a property of the user entity.
In other words - save it as a flag in the database where you keep the user details.
A common approach for this issue is to store the "user is logged-in" flag as a cookie, rather than in session state. The built-in ASP.NET membership system works that way, for example, using the concept of a "ticket."