Control authentication from basepage

Question

I want to control user authentication in asp.net.

Assume that; there is two web from like StackOverflow.aspx and Default.aspx.

I want to get authenticated roles with below code:

public List<Roles> GetAuthenticatedRolesByModuleName(string moduleName)
{
    //below I wrote psedeu code
    var roles = "Select * From SiteRoles Where ModuleName = "Admin";
    //...   
}
//This function returns a result set which includes roles authentication for `moduleName` parameter.

And I will control it with current role which logon to the system.

I want to this in base page in asp.net.

In order to do it I make a BasePage.cs which inherits from System.Web.UI.Page. I want to write GetAuthenticatedRolesByModuleName function into BasePage.cs and when user enters StackOverflow.aspx I want to call the function from BasePage.cs.

StackOverflow.aspx have pageload event and I think I have to control role in Init().

I googled and find some sources such as: ASP.net "BasePage" class ideas but I did not understand clearly.

I want to get roles from base page function (moduleName is stack-overflow --> GetAuthenticatedRolesByModuleName(stack-overflow)) and control with current role. If the user is not authenticated, I will redirect it to the Default.aspx.

Response.Redirect("Default.aspx");

How can I do it? Can you tell me a way to implement it?

Answer 1

If you make a base page to globally check it using the OnpreInit or the OnInit will be somehow like that:

public abstract class BasePage : System.Web.UI.Page
{
    protected override void OnPreInit(EventArgs e)
    {
        string cTheFile = HttpContext.Current.Request.Path;

        // here select what part of that string you won to check out
        if(!GetAuthenticatedRolesByModuleName(cTheFile))
        {
            // some how avoid the crash if call the same page again
            if(!cTheFile.EndsWith("Default.aspx"))
            {       
                Response.Redirect("Default.aspx", true);
                return ;
            }
        }

        // continue with the rest of the page
        base.OnPreInit(e);
    }
}

but you can also make the same check and on global.asax using the Application_AuthenticateRequest as:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    // αυτό είναι το path...
    string cTheFile = HttpContext.Current.Request.Path;

    // here select what part of that string you won to check out
    if(!GetAuthenticatedRolesByModuleName(cTheFile))
    {
        // some how avoid the crash if call the same page again
        if(!cTheFile.EndsWith("Default.aspx"))
        {       
            Response.Redirect("Default.aspx", true);
            Response.End();

            return ;
        }
    }
}       

Maybe some details according to your code need to add, but this is the general idea.