Personally...
I have all of my aspx.vb pages derive themselves from a general template.
Now I know this isn't what you're asking, but in the template I have a few
public properties, one of them being AccessLevel. So basically, on each aspx
page, I define the access level and then it checks it based on user session
info. here is an example...
Private _accessLevel As String = "Not Set"
Public Property AccessLevel(ByVal pageLevel As String)
Get
Return _accessLevel
End Get
Set(ByVal Value)
_accessLevel = pageLevel
Select Case _accessLevel
Case "General"
'do nothing, no access needed
Case "User"
If Not Session("UserLoggedIn") Then
Response.Redirect("default.aspx")
End If
End Select
End Set
End Property
and then from each page in the Page_Load I say:
Me.AccessLevel="General" or "User" or "Admin" and that restricts the page
each time it is accessed!
"Marc" <no****@nospam.com> wrote in message
news:eC**************@TK2MSFTNGP10.phx.gbl...
You could use the Session_Start subroutine in Global.asax
Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
' If the Session variable User is defined, then we can assume the
user has logged in.
' Otherwise, redirect to the Login.aspx page (assumed to be in the
root folder).
If Session("User") Is Nothing Then
Response.Redirect("/" & Request.Url.Segments(1).ToString &
"Login.aspx", True)
End If
End Sub
"swbaz" <sw***@highstream.net> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl... What is an effect way to prevent users from viewing a webpage
directly by typing in its URL?
For example: If a default page is set up as a login screen with user
name and password.
The user types in correct information and clicks the submit button.
The next webpage comes up, displaying its URL. So what's to stop the
user bypassing the login screen next time around? I would like to show
an access denied message if this happens. Any suggestions?
S
