why it is not restricting direct url access in my code?

Question

1.00/5 (1 vote)

See more:

please correct me...so basically i had implemented one code where i have used session variable now on successful login user can access through pages but aftr session expired it should again redirect to login page and at same time should prevent direct url access..how to do this?

Posted 21-Oct-15 1:27am

Member 11932995

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Krunal Rohit · Answer 1 · 2015-10-21T01:38:00

Solution 1

On every page load, check if session is null or not and do the appropriate action.
Something like,

C#

protected void somepage_load(... ...)
{
    if(Session["UserSession"] == null)
    {
        Response.Redirect("~/login.aspx");
    }
    else
    {
        // load the page
    }
}

-KR

Posted 21-Oct-15 1:38am

Krunal Rohit

Sagar Haridas Shinde · Answer 2 · 2015-10-21T20:19:00

Solution 2

Use Global .asax file to check session.

Below link will be useful to you Try this
http://www.c-sharpcorner.com/UploadFile/0c1bb2/redirect-page-after-session-time-out-in-Asp-Net424/[^]

Posted 21-Oct-15 20:19pm

Sagar Haridas Shinde

Comments

Member 11932995 23-Oct-15 4:04am

thanks ,i followed your suggestions but now it is showing This webpage has a redirect loop error...and also this is not even restricting direct url access ...please help
this is my code,
if (!IsPostBack)
{
if (Session["DNA"] != null)
{
Response.Redirect("loginpage.aspx");

}
else
if(!HttpContext.Current.Request.Path.EndsWith("aboutus.aspx", StringComparison.InvariantCultureIgnoreCase))
Response.Redirect("aboutus.aspx");

}
so here this code is restricting direct url access but on logged in successfully while accessing directly it should redirect to about us page but instead it is redirecting and be in aloop of showing index page as the login page code is:
protected void btn_login_Click(object sender, EventArgs e)
{
if (Session["DNA"] != null)
{
string wrng_uname = "Enter the correct Username !";
string wrng_pswrd = "You Have Entered WRONG password !";

if (txt_uname.Text != "DNA")
{
ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + wrng_uname + "');", true);
}
else
if (txt_uname.Text == "DNA" && txt_password.Text != "qwaszx123")

ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + wrng_pswrd + "');", true);

else
if (txt_uname.Text == "DNA" && txt_password.Text == "qwaszx123")
{
Response.Redirect("index.aspx");

}
}

}

Sagar Haridas Shinde 23-Oct-15 6:27am

you are redirecting to same page again and again, so it created a loop

make sure that only redirected to a different page

if(!HttpContext.Current.Request.Path.EndsWith("PageName.aspx", StringComparison.InvariantCultureIgnoreCase))
Response.Redirect("PageName.aspx");

or

Try adding this to your web.config file:

http://stackoverflow.com/questions/15894254/how-to-solve-redirect-loop