471,073 Members | 1,304 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,073 software developers and data experts.

How do I prevent users from viewing a webpage directly by typing in its URL?

What is an effect way to prevent users from viewing a webpage directly by
typing in its URL?

For example: If a default page is set up as a login screen with user name
and password.

The user types in correct information and clicks the submit button.

The next webpage comes up, displaying its URL. So what's to stop the user
bypassing the login screen next time around? I would like to show an access
denied message if this happens. Any suggestions?

S
Nov 17 '05 #1
2 3818
"swbaz" <sw***@highstream.net> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
What is an effect way to prevent users from viewing a webpage directly by
typing in its URL?

For example: If a default page is set up as a login screen with user name
and password.

The user types in correct information and clicks the submit button.

The next webpage comes up, displaying its URL. So what's to stop the user
bypassing the login screen next time around? I would like to show an access denied message if this happens. Any suggestions?


You should look into Forms Authentication.

Otherwise, the only way to control what the user does in the browser is to
write your own browser.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com

Nov 17 '05 #2
Personally...

I have all of my aspx.vb pages derive themselves from a general template.
Now I know this isn't what you're asking, but in the template I have a few
public properties, one of them being AccessLevel. So basically, on each aspx
page, I define the access level and then it checks it based on user session
info. here is an example...

Private _accessLevel As String = "Not Set"

Public Property AccessLevel(ByVal pageLevel As String)

Get

Return _accessLevel

End Get

Set(ByVal Value)

_accessLevel = pageLevel

Select Case _accessLevel

Case "General"

'do nothing, no access needed

Case "User"

If Not Session("UserLoggedIn") Then

Response.Redirect("default.aspx")

End If

End Select

End Set

End Property

and then from each page in the Page_Load I say:

Me.AccessLevel="General" or "User" or "Admin" and that restricts the page
each time it is accessed!
"Marc" <no****@nospam.com> wrote in message
news:eC**************@TK2MSFTNGP10.phx.gbl...
You could use the Session_Start subroutine in Global.asax

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
' If the Session variable User is defined, then we can assume the
user has logged in.
' Otherwise, redirect to the Login.aspx page (assumed to be in the
root folder).

If Session("User") Is Nothing Then
Response.Redirect("/" & Request.Url.Segments(1).ToString &
"Login.aspx", True)
End If
End Sub

"swbaz" <sw***@highstream.net> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
What is an effect way to prevent users from viewing a webpage

directly by
typing in its URL?

For example: If a default page is set up as a login screen with user

name
and password.

The user types in correct information and clicks the submit button.

The next webpage comes up, displaying its URL. So what's to stop the

user
bypassing the login screen next time around? I would like to show

an access
denied message if this happens. Any suggestions?

S


Nov 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

14 posts views Thread by Brian Maupin | last post: by
5 posts views Thread by JohnC | last post: by
3 posts views Thread by Phil | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.