Quickest way to require authentication in asp.net webform?

Question

As of right now, I have the user register/log in and then if successful, redirect them to the homepage. However, this is extremely artificial as the user can simply type the ur

Answer 1

Here is Walkthrough: Creating a Website with Membership and User Logon that you can use.

As far as using cookies is concerned, they can be exploited. To be safe, its best not to put anything of value in them. If you have to, then you should secure them (another topic all together). In the scope of your question, know that ASP.NET encodes and hashes its authorization ticket so you are ok using the default cookie settings. More info on the Web.config form element attributes here.

Forms Authentication is setup in the Web.config file. You can set the slidingExpiration attribute to log a user out if they haven't made a request with in the time set in the attribute.

Answer 2

Check How to: Implement Simple Forms Authentication.

This type of authentication requires a log-in form referenced in web.config. It can be done with or without cookie: Cookieless Forms Authentication.

Answer 3

Take a look at this MSDN tutorial:

http://msdn.microsoft.com/en-us/library/ie/xdt4thhy.aspx

Answer 4

You can use the builtin asp.net sql membershiprovider and login controls for register and login this is implemented in the default web application project. Then you can check the value of Request.IsAuthenticated in page load and redirect to login page with Response.Redirect(loginPageUrl)

1) http://www.asp.net/web-forms/overview/security good place to start.

2) If you are using the ASP.NET builtin authentication in most scenarios you dont have to worry about cookies. IMO nothing wrong with cookies :)

3) Usually you have to set this up in both. Generally you configure the auth method and the providers in web.config and do the redirection to login page in the codebehind or globally in global.asax.cs

Hope this helps.