473,320 Members | 2,094 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

User Authentication

When a user accesses our site, I would like to authenticate them and redirect
them to the login page if they are not authenticated. Problem is that the
method I am using in global runs more than once and the line where I check
the session username returns an error the second time through. The error is:
Object reference not set to an instance of an object. This code works in a
VS2003 project we have. Has it changed? Is there a better way to check to see
if a user is authenticated than what I am using? Thank you.

protected void Application_AcquireRequestState(Object sender, EventArgs e)
{
bool authenticationRequired = true;
string filePath = string.Empty;

if (HttpContext.Current.Session["Username"] != null) //Error here on second
iteration
{
filePath = HttpContext.Current.Request.FilePath.ToLower();

foreach (string pageFile in PagesThatDoNotRequireLogin)
{
if (filePath.LastIndexOf(pageFile) >= 0)
{
authenticationRequired = false;
break;
}
}

if (authenticationRequired)
{
HttpContext.Current.Response.Redirect(HttpContext. Current.Request.ApplicationPath + "/Index.aspx", true);
}
}
}
Mar 5 '07 #1
2 1822
I've said this many times, but I'm firmly of the opinion that you should use
Forms Authentication and role-based security. A quick Google will bring up
loads of material on the subject, e.g.

http://www.15seconds.com/issue/020220.htm

or

http://www.ondotnet.com/pub/a/dotnet...rmsauthp1.html

The above are just two, basic tutorials on Forms Authentication. You should
also check out role-based authorisation, e.g.

http://aspnet.4guysfromrolla.com/articles/082703-1.aspx

Once you have this set up, you can decorate your classes and/or methods with
attributes that will do the security checks you need (i.e. check a user is
logged in and has the correct authorisations). When security checks fail,
users are returned to the login page, if that's what you want.

Why reinvent the wheel?

HTH
Peter

"Wannabe" <Wa*****@discussions.microsoft.comwrote in message
news:92**********************************@microsof t.com...
When a user accesses our site, I would like to authenticate them and
redirect
them to the login page if they are not authenticated. Problem is that the
method I am using in global runs more than once and the line where I check
the session username returns an error the second time through. The error
is:
Object reference not set to an instance of an object. This code works in a
VS2003 project we have. Has it changed? Is there a better way to check to
see
if a user is authenticated than what I am using? Thank you.

protected void Application_AcquireRequestState(Object sender, EventArgs e)
{
bool authenticationRequired = true;
string filePath = string.Empty;

if (HttpContext.Current.Session["Username"] != null) //Error here on
second
iteration
{
filePath = HttpContext.Current.Request.FilePath.ToLower();

foreach (string pageFile in PagesThatDoNotRequireLogin)
{
if (filePath.LastIndexOf(pageFile) >= 0)
{
authenticationRequired = false;
break;
}
}

if (authenticationRequired)
{
HttpContext.Current.Response.Redirect(HttpContext. Current.Request.ApplicationPath
+ "/Index.aspx", true);
}
}
}

Mar 6 '07 #2
Thanks a lot, I'll read those articles and look at forms authentication.

"Peter Bradley" wrote:
I've said this many times, but I'm firmly of the opinion that you should use
Forms Authentication and role-based security. A quick Google will bring up
loads of material on the subject, e.g.

http://www.15seconds.com/issue/020220.htm

or

http://www.ondotnet.com/pub/a/dotnet...rmsauthp1.html

The above are just two, basic tutorials on Forms Authentication. You should
also check out role-based authorisation, e.g.

http://aspnet.4guysfromrolla.com/articles/082703-1.aspx

Once you have this set up, you can decorate your classes and/or methods with
attributes that will do the security checks you need (i.e. check a user is
logged in and has the correct authorisations). When security checks fail,
users are returned to the login page, if that's what you want.

Why reinvent the wheel?

HTH
Peter

"Wannabe" <Wa*****@discussions.microsoft.comwrote in message
news:92**********************************@microsof t.com...
When a user accesses our site, I would like to authenticate them and
redirect
them to the login page if they are not authenticated. Problem is that the
method I am using in global runs more than once and the line where I check
the session username returns an error the second time through. The error
is:
Object reference not set to an instance of an object. This code works in a
VS2003 project we have. Has it changed? Is there a better way to check to
see
if a user is authenticated than what I am using? Thank you.

protected void Application_AcquireRequestState(Object sender, EventArgs e)
{
bool authenticationRequired = true;
string filePath = string.Empty;

if (HttpContext.Current.Session["Username"] != null) //Error here on
second
iteration
{
filePath = HttpContext.Current.Request.FilePath.ToLower();

foreach (string pageFile in PagesThatDoNotRequireLogin)
{
if (filePath.LastIndexOf(pageFile) >= 0)
{
authenticationRequired = false;
break;
}
}

if (authenticationRequired)
{
HttpContext.Current.Response.Redirect(HttpContext. Current.Request.ApplicationPath
+ "/Index.aspx", true);
}
}
}


Mar 6 '07 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Tim Daneliuk | last post by:
OK, I've Googled for this and cannot seem to quite find what I need. So, I turn to the Gentle Geniuses here for help. Here is what I need to do from within a script: Given a username and a...
4
by: Dan Bart | last post by:
I am using an application which is a modification of IBuySpy Portal. It is using Forms authentication. Users login and their name is added to Context Then I use: ...
5
by: Matthew Louden | last post by:
I wrote ASP.NET application that access SQL Server database. When I run the application, it yields "Login failed for user '<COMPUTER_NAME>\ASPNET'" error message. I then did the following, but...
8
by: Joe | last post by:
I check for the NTLogin of a user by Page.User.Identity.Name, but when I put the app on the server the value for Page.User.Identity.Name is "" I had the <allow users="*/> attribute commented...
15
by: Tom Nowak | last post by:
I am writing a webapp in which a user is required to enter a login id and password on a login form. I have forms authenticaion coded in my web.config. Once the user is logged in, I want to use the...
1
by: noor | last post by:
hi, can any one tell me a javascript that can be called on mouseover event of a html link control . script can check from session either a user is login or not In the case of Login it will...
2
by: J | last post by:
Hello. I apologize if this isn't the appropriate group for this question but I was wondering if it's possible to allow regular windows domain users to change their passwords through an .asp page? ...
3
by: mario.colorado | last post by:
Hi! Does anyone know why it is that when I use: Request.LogonUserIdentity.User.ToString() I get something like: S-1-5-21-2268419..........
9
by: webrod | last post by:
Hi all, how can I check a user/password in a LDAP ? I don't want to connect with this user, I would like to connect to LDAP with a ADMIN_LOG/ADMIN_PWD, then do a query to find the user and...
6
by: MuZZy | last post by:
Hi, I am looking to find a way to get currently logged in user's object GUID without querying ActiveDirectory. For example, when i log in to my laptop from home, I'm not on the office network so...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.