Codeguru Posted September 30, 2012 Share Posted September 30, 2012 I'm trying to get myself aquainted with ASP.NET and I've been following through the WebMatrix Demo here. Now when it it tells me to add the code: if (!WebSecurity.IsAuthenticated){Response.Redirect("~/Account/Login");} Adding that to a page in order to redirect it away from a restricted page. Well, on the demo, it seems every page passes the Websecurity.IsAuthenticated check no matter if I have entered a login/password or not on the login screen. Is there a key bit of syntax that wasn't included to finish adding security to specific pages?... Link to comment Share on other sites More sharing options...
niche Posted September 30, 2012 Share Posted September 30, 2012 (edited) To authenticate you must have something secure to make a comparison typically a database. So, your next step would be to write the script that makes that kind of comparison. Edited September 30, 2012 by niche Link to comment Share on other sites More sharing options...
Codeguru Posted September 30, 2012 Author Share Posted September 30, 2012 Okay, I have the code block: @{// Initialize pagevar username = "";var password = "";var ErrorMessage = "";// If this is a POST request, validate and process dataif (IsPost){username = Request.Form["username"];password = Request.Form["password"];if (username.IsEmpty() || password.IsEmpty()){ErrorMessage = "You must specify a username and password.";}else{// Login, Navigate back to the homepage and exitif (WebSecurity.Login(username, password, false)){Response.Redirect("~/");}else{ErrorMessage = "Login failed";}}}}@if (ErrorMessage!="") {<p>@ErrorMessage</p><p>Please correct the errors and try again.</p>}<form method="post" action=""><fieldset><legend>Log In to Your Account</legend><ol><li><label>Username:</label><input type="text" id="username" name="username" /></li><li><label>Password:</label><input type="password" id="password" name="password" /></li><li><p><input type="submit" value="login" /></p></li></ol></fieldset></form> I think it's doing that authenticate thing with the "WebSecurity.Login(username, password, false)" line. But the problem is by default, the websecurity.isauthenticated is set to true, at least on my example. Shouldn't it always be a false check if the page is freshly loaded? I did log in with a valid user name and password initially before they had me add the security. Does the initial login just keep the authenticate option set to true?... Link to comment Share on other sites More sharing options...
Codeguru Posted September 30, 2012 Author Share Posted September 30, 2012 Okay, yeah. That was the case. The initial logon was perpetuated beyond me just closing the window and loading the page up again. I just have to program a submit button to show somewhere on the page when a user is logged in that allows them to log out... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now