Stricter Forms Authentication?

[honcho]

Hello:

ASP.NET's Forms Authentication facility (class FormsAuthentication,
<authorization> tags in Web.config, Application_AuthenticateRequest() in
Global.asax, GenericPrincipal, etc.) is very powerful, but it isn't strict
enough for my application.

The user of my web application must start at the Login page, and proceed
along one of several branches from the Login page. He should be able to
return to a previously visited page and take a different branch, but if he
jumps forward over a page (e.g. using a bookmark from a previous session),
that would be a violation.

Is there something in ASP.NET that facilitates this form of authentication,
or will I need to invent my own (e.g. using session variables)?

 

[Mike Labosh]

The user of my web application must start at the Login page, and proceed

along one of several branches from the Login page. He should be able to
return to a previously visited page and take a different branch, but if he
jumps forward over a page (e.g. using a bookmark from a previous session),
that would be a violation.

Is there something in ASP.NET that facilitates this form of
authentication, or will I need to invent my own (e.g. using session
variables)?

Off the top of my head, it sounds like you want to use some combination of
Session variables and/or cookies. Probably both.

--
Peace & happy computing,

Mike Labosh, MCSD

"Mr. McKittrick, after very careful consideration, I have
come to the conclusion that this new system SUCKS."
-- General Barringer, "War Games"

 

[Patrice]

This is not an authentication problem. You'll have to code to make sure
pages are accessed in the sequence you want.

Patrice