Hi, I am using a custom membershipProvider I have developed. Now I need to understand what would be the best approach for logging out. I wrote the code below in the Page_Load of my login.aspx:

but I dont know if that is the best way to follow. Besides, I dont know the best way to hinder not authenticated users to type directly on the browser the mainPage.aspx and getting access to it...maybe I could put a code in Page_Load of mainPage.aspx, to test if user is authenticated, directing it to Login page if not. The code might be something like below:

 if (!Context.User.Identity.IsAuthenticated)

               response.redirect("login.aspx");

What do u guys think about it??? 

Thanks a lot!!!!!

 Hi,

             As per my thinking your logout approach is fine. For you login approach you can following web.config entry

<system.web>
        <authentication mode="Forms">
            <forms loginUrl="~/SignIn.aspx"></forms>
        </authentication>
 </system.web>

<configuration>
    <location path="Admin">
        <system.web>
            <authorization>
                <allow roles="Admin"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
</configuration>
 

Well, then there is no configured way (in web.config for example) I can force not autenticathed users to go directly to login.aspx if they type a direct page, right?....I must place a specific code for that in each Load_Page of my webapp...correct?

As for your config :

<location path="Admin">
        <system.web>
            <authorization>
                <allow roles="Admin"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>

I didnt quite understand, wouldnt that deny access to anyone, but admin user? besides I dont have role concept as default membership "understands", therefore I dont think that might apply to my case...

Thanks again!!!

Hope to keep hearing from you.

I also noticed a weird thing. When I click on SignOut button and its redirected to Login.aspx, if I type Main.aspx on the browser it goes back to the page, showing the loginname as if it were still logged in, but actually its not. Its like it was saved in a cache or something. If I do that in another browser, then it behaves accordingly, redirecting it to login.aspx (considering this new browser window does not have that "cache"). Is it normal ? How can I avoid it?

Thanks again!

 Hi,

 If you don't have role kind of thing then also you can use web.config

<location path="Admin">
        <system.web>
            <authorization>
                <allow users="maheshs@brickred.com"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>

do u have a msn to talk about?

 Hi,

          I am on yahoo: maheshsingh21@yahoo.co.in