Click here to Skip to main content
15,887,776 members
Search within:


Custom authentication to limit access to intranet web application pages
Please Sign up or sign in to vote.
0.00/5 (No votes)
i have an asp.net web application on intranet.
on database a have a table with application users info:
Windows username , role .... and other stuff

on Session Start, i read logged in Windows user, and retrieve their info from application users on database. i save retrieved info in Session variable

if i want to restrict access to the webpages based on user's info,
so that if the Windows user does not exist in application's users table, i want to prevent access to page. What is the best way to do that?

thanks in advance

What I have tried:

i tried to examine user info saved in Session variable on EACH PAGE LOAD .. or on MASTER PAGE LOAD ....

but i don't know what the best practice is
Posted
Updated 2-Oct-17 3:21am
Add a Solution

2 solutions

One simple way is to have each page inherit from a base class that does the security check in its Page_Load. If you are too far into it to change to a base class you can always add a call in each page load to check if they have access to that page.

You can also use Location elements in your web.config if there are only a few pages that will need different levels of access.

This article goes over various scenarios and should help you. Guru Sarkar's Blog - Setting authorization rules for a particular page or folder in web.config[^]

Also see, HOW TO: Control Authorization Permissions in an ASP.NET Application[^]
 
Share this answer
 
Posted
Forget writing code for it and just buy a firewall/proxy server product off-the-shelf. This is standard functionality.

Before you go off and say "it's too expensive!", think about this. How much do you get paid an hour to write this project? How long are you going to be writing it? Multiply the two and that's the minimum cost of your little project. Compare that to off-the-shelf cost and you should find that your project is going to cost more.
 
Share this answer
 
Posted
Updated 2-Oct-17 3:15am
v2
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Add Authentication page before web application
Authenticating Web Application + SQL Server
What 'authentication method' is required for an intranet site
Intranet ASP.NET website windows authentication not working
[Authorize] attriubte can not access the component if authentication state isvalid
window authentication intranet site
Converting Internet Web application to intranet
JSP user Authentication in a web base application
How do I create an intranet web page that controls booking in and out of borrowed tools
How do I access the authentication logs /login data of a web application through SQL?

Advertise
Privacy
Cookies
Terms of Use
Last Updated 2 Oct 2017
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900