A.J
Reputation: 51
Best practice to check data of a user before logging in
There is a table that keeps a user's details. An admin can lock this user by setting the column called locked. Once the user is locked they cannot login. I am using The WebSecurity.Login to login. As of now I am letting the user to login, then it checks if they are not locked and if they are instead of home page they are redirected to locked page.
What is the best practice that I can use so that the user doesnt gets logged in, check the field and gets redirected. This is in MVC 4
Thanks in advance...
Upvotes: 1
Views: 121
Answers (1)
Simon Whitehead
Reputation: 65079
Maybe I misunderstand you.. but currently you have something like this:
Membership.LoginUser(userName, password);
if (CurrentUser.IsLocked) {
RedirectUser();
}
..can you not just replace it with something like this?:
var user = Membership.GetUser(userName, password);
if (user.IsLocked) {
Redirect();
}
else {
Membership.LoginUser(user);
}
... ?
Upvotes: 1
Related Questions
- ASP.NET user login best practices
- MVC C#: Authenticating current user has rights to view/update data
- User Login in asp.net MVC
- Proper handling of user information, how does ASP.NET do it?
- Best way to ensure logged in users only see their data
- How to verify a users password?
- In MVC4, how do I do my own check on user login and password?
- How to implement authorization checks in ASP.NET MVC based on Session data?
- MVC Protecting User Based Data Security
- Verify User Data Before Every Action