Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

asp.net mvc and check for if a user is logged in

Tags:

security

asp.net-mvc

global-asax

I'm new in asp.net mvc and i need to check if a user is logged in or not in my application so i place the following piece of code in my global.asax

    void Application_PreRequestHandlerExecute(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;
        HttpContext context = application.Context;

        string filePath= context.Request.FilePath;
        string fileExtention = VirtualPathUtility.GetExtension(filePath);

        // to skip request for static content like (.css or .js)
        if (fileExtention == "")
        {                
            if (filePath.ToLower() != "/account/login")
            {
                var user = (Utilisateur)context.Session["USER"];
                if (user == null)
                    context.Response.Redirect(@"~/account/login");
            }                
        } 
    }

I intercept each incoming request to do the checking I'd like to know if there are other ways to do this kind of work and thanks in advance.

like image 655
anouar Avatar asked Nov 27 '22 22:11

anouar

2 Answers

Do you need to do it this way? You should check, if you can use asp.net authentication, authorization and membership providers. (They are automatically generated when you make new ASP.NET MVC 3 Application [when you leave the 'Internet Application' checked]).

You can then use annotation for controllers and actions: (pseudocode):
This allows access to controller only to authorized users (you can even specify which users or which roles are allowed): [Authorize(Roles = "Administrators")]

[Authorize]
controller{.....}

And to check if user is logged in, there is already User property with Identity property.
This code checks if user is Authenticated (logged in):

controller...() {
...
if (User.Identity.IsAuthenticated) ...
...
}
like image 96
Damb Avatar answered Dec 06 '22 05:12

Damb

Since you mentioned you have your own "module" that works with several databases, I think you should implement this module as a standard ASP.NET / MVC custom membership/authentication provider. You can then use HttpContext.User.Identity.IsAuthenticated and limit the access to your controller's actions (or the whole controller) by decorating it with [Authorize] attribute.

like image 42
Hadi Eskandari Avatar answered Dec 06 '22 05:12

Hadi Eskandari
Sign in to Comment

Related questions

ASP.NET/MVC 3 Status
Get Current View's Url with HtmlHelper in ASP.NET MVC 3
Html.LabelFor statement not displaying as assigned value
Accessing Azure Emulator from Another Device
How to set value into HTML5 date field from Asp.Net MVC Razor?
Appending to default title in asp.net masterpage
How to Generate a Link to download a File in asp.net MVC?
If User.IsInRole with string array?
telerik-grid onRowSelect how to get id?
Default radiobuttonlist in ASP.NET MVC Razor
ASP.NET MVC: Many routes -> always only one controller
Which performs best: Classic ASP, ASP.NET WebForms or ASP.NET MVC?
NullInjectorError: No provider for HttpClient! Angular 5
Mocking and HttpContextBase.get_User()
How MVC (ASP.NET MVC) band 3-tier architecture can work together?
MVC routing with optional parameter
ASP.NET MVC: Ignore custom attribute in a base controller class
How can I reliably preload and cache my ajax loading image across my site?
Writing conditional HTML with razor
How do I link to downloadable files in ASP.NET MVC?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!