I have a login page that checks users and passwords from an XML file. First I set a string that I will use with sessions, then check if the user exists:
    string roleCheck = "";
    string userName = node.SelectSingleNode("username").InnerText;
    string passWord = node.SelectSingleNode("password").InnerText;
    string isAdmin = node.SelectSingleNode("role").InnerText;
    if (isAdmin == "admin" && userName == TextBoxUsername.Text && passWord == TextBoxPassword.Text)
    {
        roleCheck = "admin";
        Session["RoleCheck"] = roleCheck;
        Response.Redirect("admin.aspx");
    }
Now here is where it fails: it seems I can access admin.aspx even without logging on. I have this in Page_Load on admin.aspx:
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["RoleCheck"] == "")
        {
            Response.Redirect("login.aspx");
        }
    }
Shouldn't this redirect non-logged-on users?
Upvotes: 0
Views: 923
Reputation: 1891
You need to check whether the session value is null, as in the code below, not whether it is empty or blank.
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            if (Session["RoleCheck"] == null)
            {
                Response.Redirect("login.aspx");
            }
        }
    }
Upvotes: 0
Reputation: 7490
No, because it is checking whether Session is a blank string, but here Session is null, i.e. not a blank string. Hence the condition fails.
You should check Session for null rather than an empty string.
    if (Session["RoleCheck"] == null)
    {
        // redirect
    }
Upvotes: 1
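Added example, not part of the question or either answer: a console program comparing the question's empty-string check, the answers' null check, and a stricter check that only admits the exact value "admin". `FakeSession`, `Demo` and the "user" role value are hypothetical stand-ins; the question's login code only ever stores "admin".

```csharp
using System;
using System.Collections.Generic;

// Stand-in for HttpSessionState (assumption for this demo): like the real
// indexer, it returns null for a key that was never set.
class FakeSession
{
    private readonly Dictionary<string, object> items = new Dictionary<string, object>();
    public object this[string key]
    {
        get { object v; return items.TryGetValue(key, out v) ? v : null; }
        set { items[key] = value; }
    }
}

static class Demo
{
    // The question's check. The left operand is object, so this is a
    // reference comparison; a missing key gives null, which is never "".
    static bool EmptyStringCheckRedirects(FakeSession s) { return s["RoleCheck"] == (object)""; }

    // The answers' check: redirect when nothing was stored in the session.
    static bool NullCheckRedirects(FakeSession s) { return s["RoleCheck"] == null; }

    // Stricter variant: fail closed unless the stored value is exactly "admin".
    static bool IsAdmin(FakeSession s)
    {
        return string.Equals(s["RoleCheck"] as string, "admin", StringComparison.Ordinal);
    }

    static void Report(string name, FakeSession s)
    {
        Console.WriteLine("{0,-10} emptyCheckRedirects={1,-5} nullCheckRedirects={2,-5} isAdmin={3}",
            name, EmptyStringCheckRedirects(s), NullCheckRedirects(s), IsAdmin(s));
    }

    static void Main()
    {
        var anonymous = new FakeSession();                          // never logged in
        var user = new FakeSession(); user["RoleCheck"] = "user";   // constructed, hypothetical role
        var admin = new FakeSession(); admin["RoleCheck"] = "admin";

        Report("anonymous", anonymous);
        Report("user", user);
        Report("admin", admin);
    }
}
```

On admin.aspx the equivalent guard would sit in Page_Load and run on every request, including postbacks, so that a request carrying no session value is always redirected to login.aspx.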