Daves wrote:
ok it's just a short code to check if user has access to the current
page and so to forward him to login page if not. The content page sets the
PageNeedsLogin property which the masterpage code checks for...
so I'd add a void Page_PreRender(...) event function, right?
Hang on. Wouldn't you want to check permissions BEFORE you populate
the page? Not only are you throwing away a lot of effort, but you're
opening yourself up to some nice security holes too. Imagine a user
calling:
DeleteSomeRecord.aspx?recordID=1000
If you perform all your processing, and only wait until
Page_PreRender() to redirect, the page will have done its thing
already. Redirecting the user would then only stop him from seeing the
"Successfully Deleted Company #1000" message.
First order of business in Page_Load should be to do any security
checking and user redirection.
Good luck!
Jason
http://www.expatsoftware.com/