Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

asp.net mvc and check for if a user is logged in

I'm new in asp.net mvc and i need to check if a user is logged in or not in my application so i place the following piece of code in my global.asax

    void Application_PreRequestHandlerExecute(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;
        HttpContext context = application.Context;

        string filePath= context.Request.FilePath;
        string fileExtention = VirtualPathUtility.GetExtension(filePath);

        // to skip request for static content like (.css or .js)
        if (fileExtention == "")
        {                
            if (filePath.ToLower() != "/account/login")
            {
                var user = (Utilisateur)context.Session["USER"];
                if (user == null)
                    context.Response.Redirect(@"~/account/login");
            }                
        } 
    }

I intercept each incoming request to do the checking I'd like to know if there are other ways to do this kind of work and thanks in advance.

like image 655
anouar Avatar asked Nov 27 '22 22:11

anouar


2 Answers

Do you need to do it this way? You should check, if you can use asp.net authentication, authorization and membership providers. (They are automatically generated when you make new ASP.NET MVC 3 Application [when you leave the 'Internet Application' checked]).

You can then use annotation for controllers and actions: (pseudocode):
This allows access to controller only to authorized users (you can even specify which users or which roles are allowed): [Authorize(Roles = "Administrators")]

[Authorize]
controller{.....}

And to check if user is logged in, there is already User property with Identity property.
This code checks if user is Authenticated (logged in):

controller...() {
...
if (User.Identity.IsAuthenticated) ...
...
}
like image 96
Damb Avatar answered Dec 06 '22 05:12

Damb


Since you mentioned you have your own "module" that works with several databases, I think you should implement this module as a standard ASP.NET / MVC custom membership/authentication provider. You can then use HttpContext.User.Identity.IsAuthenticated and limit the access to your controller's actions (or the whole controller) by decorating it with [Authorize] attribute.

like image 42
Hadi Eskandari Avatar answered Dec 06 '22 05:12

Hadi Eskandari