I am working on a website (developed in ASP.NET with C#) that was passed on to me. As I'm working through the site, I notice much of the site has this type of code in it:
EmailLabel.Visible = false;
WhateverButton.Visible = false;
AnotherControl.Visible = false;
...
This is all typically done in the code-behind of the site (in the Page_Load method). Essentially, this was put in place to prevent a non-logged in user from accessing components (the rule for the site is that a non-logged in user shouldn't be able to see any part of the site until they log in). The way above works...but it seems rather expensive to have to always check if the user is logged in and then flip to the correct status for all those components.
Is there a different way that this problem could be approached. Just from thinking about it/research, I thought perhaps there would be a way that I could do a redirect back to the home page if a user is not logged in. Even further, I could extend a base page which would do this for any page that extends the base page. However, my knowledge in this area is limited, so my suggestion may not work.
What can SO suggest? Anything better? Is what is there good enough?
Cybersecurity controls are mechanisms used to prevent, detect and mitigate cyber threats and attacks. Mechanisms range from physical controls, such as security guards and surveillance cameras, to technical controls, including firewalls and multifactor authentication.
Use anti-virus software and keep it updated Using anti-virus or a comprehensive internet security solution like Kaspersky Total Security is a smart way to protect your system from attacks. Anti-virus software allows you to scan, detect and remove threats before they become a problem.
We do this a lot at my work.
The way we accomplish this is by creating a BasePage class that inherits from System.Web.UI.Page. Then you override OnInit, call the base.OnInit, and add code to check for a logged in user. If the user is not logged in, Redirect them to a login page (which would not inherit from BasePage.)
Then, on every page that needs to be protected, just change the page to inherit from BasePage.
And contrary to what womp says above, if you write Response.End(); after the redirect, it is much faster that even continue processing the rest of the page!
Hope that helps.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With