A
Alan Silver
Hello,
I am just planning a new ASP.NET site, and wondered about the best way
to handle the following common scenario...
The site has the option that registered users can log in and will have
access to extra features. The log in form is a simple username/password
affair that will appear in the margin of every page if they aren't yet
logged in. If they are logged in, their user name will be shown, along
with a button to log out.
Now, suppose they try to log in. The log on form is posted to the log in
page, which verifies their username and password. If correct, they are
now logged in. If not, they are told so and asked for the details again,
or asked to register.
How do I deal with this on the rest of the site? I need to alter the
display on some pages so that messages like "If you were logged in you
would be able to do..." will be replaced with links to the extra
features. Similarly, certain pages will be imply unavailable if they are
not logged in.
In Classic ASP this was just a matter of setting a Session variable, say
"Username" to be non-blank. You could have a small include file, pulled
in on every relevant page, that contained code to check the Session
variable, and then redirect them away from the page if they weren't
allowed there without logging in. If it was a page which they could see,
you would do something like...
<%If Session("Username")<>"" Then%>
<p>Click <a href="comment.asp">here</a> to add a comment.</p>
<%Else%>
<p>If you were logged in, you could add a comment.</p>
<%End If%>
Now I think that in-line coding like this isn't allowed in ASP.NET, so
how do I handle the situation?
TIA
I am just planning a new ASP.NET site, and wondered about the best way
to handle the following common scenario...
The site has the option that registered users can log in and will have
access to extra features. The log in form is a simple username/password
affair that will appear in the margin of every page if they aren't yet
logged in. If they are logged in, their user name will be shown, along
with a button to log out.
Now, suppose they try to log in. The log on form is posted to the log in
page, which verifies their username and password. If correct, they are
now logged in. If not, they are told so and asked for the details again,
or asked to register.
How do I deal with this on the rest of the site? I need to alter the
display on some pages so that messages like "If you were logged in you
would be able to do..." will be replaced with links to the extra
features. Similarly, certain pages will be imply unavailable if they are
not logged in.
In Classic ASP this was just a matter of setting a Session variable, say
"Username" to be non-blank. You could have a small include file, pulled
in on every relevant page, that contained code to check the Session
variable, and then redirect them away from the page if they weren't
allowed there without logging in. If it was a page which they could see,
you would do something like...
<%If Session("Username")<>"" Then%>
<p>Click <a href="comment.asp">here</a> to add a comment.</p>
<%Else%>
<p>If you were logged in, you could add a comment.</p>
<%End If%>
Now I think that in-line coding like this isn't allowed in ASP.NET, so
how do I handle the situation?
TIA