What is the best way to check a user's permissions while they are browsing through your website?

Question

Im fairly new to asp.net and am having a hard time finding information about this topic.

I am building a website which will allow users to upload videos. If the videos, for example, are inappropriate or off topic, I can suspend their account so the next time they sign in, they will be redirected to a "Your account has been suspended" page. What I'm trying to figure out is whats the best way to handle the following situation: I suspend a user's account AFTER they have just signed in. So they have already passed validation during the sign in process. I basically would like the user to be redirected to that "Your account has been suspended" page after the next action they perform. Besides checking the database on every postback (which seems a bit inefficient), what would be the best way to handle this?

Please let me know if you need more information or a better example.

Thank you any help

Answer 1

Here is my approach. Create a new BasePage and inherit your aspx pages from this class instead of System.Web.UI.Page.

public class BasePage : System.Web.UI.Page
{
   protected override void OnInit(EventArgs e)
   {
      if (!IsPostBack)
      {
         // I assume you already get the user's profile
         if (User.IsSuspended)
           Response.Redirect("/SuspendedPage.aspx");

         base.OnInit(e);     
      }    
   }
}

Updated:

There are a lot of ways to store a value through out the application life cycle. Here is one of them.

// Global.asax.cs
void Application_AuthenticateRequest(object sender, EventArgs e)
{
   if (HttpContext.Current.User != null && 
      HttpContext.Current.User.Identity.IsAuthenticated)
   {
      HttpContext.Current.Items["User"] = 
         GetUserByUsername(HttpContext.Current.User.Identity.Name);
   }
}