validating user before loading a page?

[Guest]

Is it possible to execute a query or do some validation before loading a page..
I have a survey page and i want to validate users before loading the page.
I have done it in the page_load.
But the problem i have is that if the user gets the URL and directly paste
it to the browser the USER still sees the page.
Is there a way how to check the user in the DB before loading the page (I
mean just by pasting the URL to the browser or just by clicking the IE
browser?

 

[Steve C. Orr [MVP, MCSD]]

Yes, the Application_AuthenticateRequest event in Global.asax is generally
the best place to use for this sort of thing.
I successfully developed an app using role-based forms authentication by
using the techniques outlined in these articles:

http://support.microsoft.com/default.aspx?scid=kb;en-us;311495

http://www.4guysfromrolla.com/webtech/121901-1.2.shtml

Here is another article you may find useful as well:
http://www.eggheadcafe.com/articles/20020906.asp

 

[Patrick Olurotimi Ige]

Thanks Steve but what i want is that:-
When u click on the SURVEY link it checks if the USER is in the Database
if he/she is in the DB it retunrs access denied Which i have done.
And if they aren't INSERT the user..

But getting problems with my stored procedure below:-

CREATE procedure oyinbo(@username varchar(50), @Password varchar(50) )
as
if exists
-- You cannot register usernames already registered on the database
twice.
(
select username from register where username = @username
)
return 1 else
insert register(username,password) values(@username,@Password)
GO

It checks the USER and denies it but it never gives me access to the
page ...which i think it inserts the user before checking..


My codebehind is :-
Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here

conn = New
SqlConnection("server=(local);database=mydatabase;integrated
security=true;")
conn.Open()
txtuser.ID = Request.ServerVariables("LOGON_USER")

cmdcommand = New SqlCommand("rote", conn)
cmdcommand.CommandType = CommandType.StoredProcedure
param = cmdcommand.Parameters.Add("ReturnValue", SqlDbType.Int)
param.Direction = ParameterDirection.ReturnValue
cmdcommand.Parameters.Add("@username", txtuser.Name)

'cmdcommand.Parameters.Add(New SqlParameter("@DateCreated",
SqlDbType.DateTime, 8))
'cmdcommand.Parameters("@DateCreated").Value = Now()

cmdcommand.ExecuteNonQuery()

If cmdcommand.Parameters("ReturnValue").Value = 1 Then

Response.redirect("noaccess.aspx")
' lblMessage.Text = "Username already exists!"
Else

' lblMessage.Text = "Success!"
Response.Redirect("startsurvey.aspx")

End If




conn.Close()


End Sub


Any thing i'm doing wrong?