How can I have ASP.NET automatically redirect non-logged in Forms users to the login page?

前端 未结 4 1784
谎友^
谎友^ 2021-02-07 09:35

I have an ASP.NET website.

I want users who are not logged in to be automatically (re)directed to the login page, for example,

~/Account/Login.aspx


        
相关标签:
4条回答
  • 2021-02-07 09:54

    I know it's many years later, but if anyone finds themself here you may be missing this bit in the webconfig. Within the tag you need to add this:

    <location path="SecurePage.aspx">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
    

    This tells the site that SecurePage.aspx requries the user to be logged in. This is how I've been doing it for a few years now

    0 讨论(0)
  • 2021-02-07 09:55

    Add this to you web.config

    <system.web>
        // ...
        <authentication mode="Forms">
            <forms loginUrl="~/Account/Login.aspx" 
                   name=".ASPXFORMSAUTH" 
                   slidingExpiration="true" />
        </authentication>
    </system.web>
    
    0 讨论(0)
  • 2021-02-07 10:08

    I found the answer.

    Question: How do I automatically redirect non-logged in users to the login page?
    Answer: Deny anonymous users access


    Longer Explanation

    In order to automatically redirect non-logged in users to login page, you need to deny anonymous access to "all" pages. This is done in the site's web.config file:

    web.config

    <?xml version="1.0"?>
    <configuration>
       <system.web>
          ...
          <authorization>
             <deny users="?"/>
          </authorization>
       </system.web>
    </configuration>
    

    The special ? token is used to represent anonymous users.

    This, when combined with telling Forms authentication where the "Login" page is:

    <?xml version="1.0"?>
    <configuration>
       <system.web>
          ...
          <authentication mode="Forms">
             <forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
          </authentication>
          <authorization>
             <deny users="?"/>
          </authorization>
       </system.web>
    </configuration>
    

    means that any any anonymous users will be automatically redirected to the login page.


    A question that seems to never have been asked before gets answered, and everybody lives.

    0 讨论(0)
  • 2021-02-07 10:10

    If you wish to force for all pages all used to be first logged in, you can capture the authentication request on global.asax and make this programmatically as:

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        // This is the page
        string cTheFile = HttpContext.Current.Request.Path;
    
        // Check if I am all ready on login page to avoid crash
        if (!cTheFile.EndsWith("login.aspx"))
        {
            // Extract the form's authentication cookie
            string cookieName = FormsAuthentication.FormsCookieName;
            HttpCookie authCookie = Context.Request.Cookies[cookieName];
    
            // If not logged in
            if (null == authCookie)
            // Alternative way of checking:
            //     if (HttpContext.Current.User == null || HttpContext.Current.User.Identity == null || !HttpContext.Current.User.Identity.IsAuthenticated)
            {
                Response.Redirect("/login.aspx", true);
                Response.End();
                return;
            }
        }
    }
    

    This code is called on every page and checks all pages on your site.

    0 讨论(0)
提交回复
热议问题