Last post Jan 14, 2016 01:41 AM by oned_gk
Jan 13, 2016 11:44 AM|demoninside9|LINK
I just started using form authentication in my application. Where I have a master page.
So please let me know where to put code to verify whether user has logged in or not.
protected void Page_Load(object sender, EventArgs e)
Do I need to put above code in every form or it is just enough to put it into master page?
Jan 13, 2016 11:54 AM|sam_xiii|LINK
Assuming you are using webforms, you can configure that in you web.Config
If you are using MVC, you can add the AuthorizeAttribute in the AppStart/FilterConfig class
public class FilterConfig
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
http://www.sambeauvois.be | @sambeauvois
Jan 13, 2016 11:58 AM|PatriceSc|LINK
You shouldn't need this at all. It should be done for you when you try to access a page that requires to be authenticated. More likely you configured authentication without configuring any authrorization rule. See
https://support.microsoft.com/en-us/kb/316871 and check the location/authorization tag depending on what you need.
Jan 14, 2016 01:41 AM|oned_gk|LINK
You don't need to do anything
With Form Authentication, if you want to access a page that need authentication and you have not logged in, you will automaticaly redirected to login page with ReturnUrl querystring.
RedirectToLoginPage method in login.aspx will redirect you back to the page you want to access (ReturnUrl)
To determine you have loggedin or not, add loginview and loginstatus control in masterpage
<asp:LoginView ID="HeadLoginView" runat="server" EnableViewState="false">
Please [ <a href="~/Account/Login.aspx" ID="HeadLoginStatus" runat="server">Log In</a> ]!
Welcome, <span class="bold"><asp:LoginName ID="HeadLoginName" runat="server" /></span>!
[ <asp:LoginStatus ID="HeadLoginStatus" runat="server" LogoutAction="Redirect" LogoutText="Log Out" LogoutPageUrl="~/"/> ]
use web.config to configure authorization to deny or allow someone