
ASP.NET MVC4 Redirect to login page

I'm creating a web application using ASP.NET MVC 4 and C#.

I want all users to be logged in before using the application.

I'm using ASP.NET Membership with a custom database.

One method is to check whether Membership.GetUser() is null or not in every function.

But isn't there any easier way than checking user login state in every function? (maybe checking in web.config, global.asax, etc...??)

Mahdi Ghiasi asked Jul 26 '12 15:07


3 Answers

Sure, decorate your actions or the whole class with [Authorize] and it will require that the user is logged in first.

Blindy answered Nov 12 '22 18:11


Put [Authorize] over each action that you want only logged in users accessing. You can also do this at the controller level, making all actions within the controller secured. The latter is probably best for you, since you probably only want all of your pages disabled for guests.

Here's what the class-level one looks like:

[Authorize]
public class SomethingController : Controller
{
    //...
}

and here's an action-level one:

public class SomethingController : Controller
{
    [Authorize]
    public ActionResult SomeAction(Parameter someParameter)
    {
        //...
    }
}

Another way to do it, if all or most of your pages use the same master page, is to put:

<script type="text/javascript">
    @if(!Request.IsAuthenticated) {
        @:window.location.href = redirectURL;
    }
</script>

or, if you aren't using Razor syntax,

<script type="text/javascript">
    <% if(!Request.IsAuthenticated) { %>
        window.location.href = redirectURL;
    <% } %>
</script>

in the master page. That way, all pages which use that master page will redirect elsewhere if the user is not logged in. This only applies if you are using the built-in authentication, though. NOTE: This option is far less secure than the first option. Use this only if site security is not a big concern.

Phillip Schmidt answered Nov 12 '22 18:11


I know this question already has an answer but if the intention is to lock down the whole app except for a select few controller actions then I feel like this is a better solution ...

In the startup / init for your app add ...

httpConfig.Filters.Add(new AuthorizeAttribute());

... then on actions you DON'T want to secure ...

[AllowAnonymous]
public ActionResult Hello() { return View(); }

War answered Nov 12 '22 20:11
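
The server-side lock-down described in the answers above, as an added example that is not part of the original posts: it registers [Authorize] globally the way an ASP.NET MVC 4 application does, opts the login action out, and lists every action left open to anonymous users so that list can be reviewed. FilterConfig is assumed to follow the MVC 4 project template; AccountController, Login and the AnonymousSurface helper are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Assumed to be called from Application_Start as
// FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
public static class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        // Checked on the server before any action runs. With forms authentication
        // configured, the resulting 401 becomes a redirect to the login URL.
        filters.Add(new AuthorizeAttribute());
    }
}

public class AccountController : Controller
{
    // The login page must stay reachable, otherwise the redirect loops.
    [AllowAnonymous]
    public ActionResult Login() { return View(); }
}

// Hypothetical helper: enumerates the actions that skip the global filter,
// for example to compare against an expected allow-list in a unit test.
public static class AnonymousSurface
{
    public static IEnumerable<string> List(Assembly webAssembly)
    {
        var controllers = webAssembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(Controller).IsAssignableFrom(t));
        foreach (var controller in controllers)
        {
            bool wholeController = controller.IsDefined(typeof(AllowAnonymousAttribute), true);
            var actions = controller.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => !m.IsSpecialName
                    && typeof(Controller).IsAssignableFrom(m.DeclaringType)
                    && m.DeclaringType != typeof(Controller)
                    && !m.IsDefined(typeof(NonActionAttribute), true));
            foreach (var action in actions)
            {
                if (wholeController || action.IsDefined(typeof(AllowAnonymousAttribute), true))
                    yield return controller.Name + "." + action.Name;
            }
        }
    }
}
```

Unlike the script-based redirect in the master page, this check runs before the action executes, so the protected page is never rendered for an unauthenticated request.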