Introduction
The following describes the easiest way I have found to force users to log into an ASP.NET website for each session but not require them to accept cookies. You must do the following things.
- Create a Web.config file with the appropriate entries to allow session state management.
- Create a well formed Global.asax file with the code below included in it.
- Create a login page to authenticate users against a database or whatever method you desire.
Code usage
Required Code in the Global.asax
Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
Session("Loggedin") = ""
CheckLoggedIn()
End Sub
Sub Application_OnPostRequestHandlerExecute()
CheckLoggedIn()
End Sub
Sub CheckLoggedIn()
If Session("LoggedIn") = "" And InStr(Request.RawUrl, "Login.aspx") = 0 Then
Response.Redirect("~/Login/Login.aspx")
End If
End Sub
Finally create a Login.aspx file that authenticates the user. If the user is allowed in, set: Session("Loggedin") = "Yes"
That's all there is to it. Hope this helps! Enjoy!
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
So if you don't want it, simply don't give it away, what the problem? 
ASP.NET turned to be the best server scripting lang, more I "play" with it, more I like it 
I read through all the postings but did anyone notice that there is an infinite loop occuring in the code. After playing around with it and debugging it I found tht every time there is a request for URL either directly or via Response.Redirect("~/somepage.aspx"), the Application_OnPostRequestHanlderExecute() handler is invoked and this in turn calls CheckedLogin() which then redirects to a URL and Application_OnPostRequestHanlderExecute() is invoked again which calls CheckedLogin() and on and on and on.