ASP.NET C# CSS gets lost when session is created

Question

Please help!! I'm using visual studio, programming in ASP.NET C# (.Net 4): I'm a PHP convert, trying to create a simple login page using a session. Seeing as I'm completely new at ASP.NET I used this code from somewhere on the internet:

Login.aspx:

<asp:TextBox ID="txtUserName" runat="server"></asp:TextBox>
<asp:TextBox ID="txtPassword" runat="server"></asp:TextBox>
<asp:Button ID="submit" runat="server" Text="Submit" onclick="submit_Click" />
<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>

Login.aspx.cs:

protected void send_Click(object sender, EventArgs e)
        {
        if (txtUserName.Text == "admin" && txtPassword.Text == "admin")
        {
            Session["Authenticate"] = "Yes";
            Response.Redirect("Default.aspx");
        }
        else
            Label1.Text = "Login failed";
        }

Global.asax.cs

void Session_Start(object sender, EventArgs e)
    {
        // Code that runs when a new session is started
        Session["Authenticate"] = "";
        CheckLogin();
    }
void Application_OnPostRequestHandlerExecute()
    {
        CheckLogin();
    }

    void CheckLogin()
    {
        string Url = Request.RawUrl;
        int count = Url.Length - 10;
        string TestUrl = Url.Substring(count);
        string SessionData = Session["Authenticate"].ToString();
        if (SessionData == "" && TestUrl != "Login.aspx")
        {
            Response.Redirect("~/Login.aspx");
        }
    }

Whenever I try to run this code in the browser, my CSS file doesn't load. This appears to be linked to the global.asax file, because the css load correctly if I comment out all of the code shown above in my global.asax.cs snippet.

I have tried opening the css file in the browser via the source code, which gives the following error:

Session state is not available in this context.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Web.HttpException: Session state is not available in this context.

Source Error: 


Line 45:             int count = Url.Length - 10;
Line 46:             string TestUrl = Url.Substring(count);
Line 47:             string SessionData = Session["Authenticate"].ToString();
Line 48:             if (SessionData == "" && TestUrl != "Login.aspx")
Line 49:             {

Source File: D:\MyTestWebsite\Global.asax.cs    Line: 47 

I have also tried using a Theme using App_Themes and defining it in Web.config - gives the same problem. The css only shows when the session-related code is removed.

Any idea what's causing this???

Answer 1

The issue is that you're checking login when attempting to load your static resources as well as dynamic pages. Certain files (such as global CSS) should be available for full anonymous access and not gated behind authentication logic.

You are definitely reinventing the wheel as the built in Forms Authentication supported by a large library of membership providers provide a rich base for you to expand upon. If you do choose to go forward with this method, my suggestion would be to query the requested file and ensure that they are requesting an aspx (assuming you are not using url rewriting) before requiring authentication.