How to make it so that only authenticated users can access a page in an ASP .NET project

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

I'm trying to make is so that after logging in to a site, the application automatically redirects the user to the default page of the application.
Also, it is important that the user cannot access anything other than the login webpage without being logged in.
I've been stuck on this for 3 days now.
We have a horrible professor who doesn't do his documentation right (I have to google everything instead of having it in the scripts or something)

The user's credentials are hardcoded inside of the Web.config file as keyed values. They are not checked against a database, only against the hardcoded strings.

This is the code that I have:

The design of the login page (it's the Login element from the toolbox, not something manually constructed).

This is the code of that page:
Login.aspx.cs

using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Data.SqlClient;

using System.Configuration;



namespace LV1___Kalkulator

{

    public partial class Login : System.Web.UI.Page

    {

        protected void Page_Load(object sender, EventArgs e)

        {



        }



        protected bool ValidateUser(String username, String password)

        {

            if (Login1.UserName == "tstipic" && // ConfigurationManager.AppSettings["korisnickoime"] &&

               Login1.Password == "password") //ConfigurationManager.AppSettings["sifra"])

            {

                return true;

            }

            else return false;

        }



        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)

        {

            if (e.Authenticated)

            {

                Response.Redirect("Dafault.aspx");

            }

            if (ValidateUser(Login1.UserName, Login1.Password))

            {

                Response.Redirect("Dafault.aspx");

            }

            else

            {

                e.Authenticated = false;

            }

        }

    }

}

This is my web.config file:

<?xml version="1.0" encoding="utf-8"?>



<!--

  For more information on how to configure your ASP.NET application, please visit

  https://go.microsoft.com/fwlink/?LinkId=169433

  -->

<configuration>    

  <system.web>



    <compilation debug="true" targetFramework="4.6.1"/>

    <httpRuntime targetFramework="4.6.1"/>

  </system.web>

  <system.codedom>

    <compilers>

      <compiler language="c#;cs;csharp" extension=".cs"

        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

        warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701"/>

      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"

        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

        warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=&quot;Web&quot; /optionInfer+"/>

    </compilers>

  </system.codedom>

  <appSettings>

    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />

    <add key="korisnickoime" value="user"/>

    <add key="sifra" value="pass"/>

    </appSettings>

  <connectionStrings>

    <add name="konekcijaNaBazu"

       connectionString="Provider=Microsoft.Jet.OLEDB.4.0;

       Data Source=|DataDirectory|ASP_Database.mdb"

       providerName="System.Data.OleDb"/>  

  </connectionStrings>

</configuration>

Edit: I have implemented what Albert D. Kallal advised.
That seems to be a step in the right direction, but I'm still experiencing the same results. I input the correct credentials only to be presented with the login page anew.

edited Jan 3 at 8:25

asked Jan 3 at 6:09

Gandeloft

You can follow this article for an idea auth0.com/docs/quickstart/webapp/aspnet-owin/01-login

– Baskar
Jan 3 at 6:14

This link will be helpful aspsnippets.com/Articles/…

– Jeswin Rebil
Jan 3 at 6:15

add a comment |

The user's credentials are hardcoded inside of the Web.config file as keyed values. They are not checked against a database, only against the hardcoded strings.

This is the code that I have:

The design of the login page (it's the Login element from the toolbox, not something manually constructed).

This is the code of that page:
Login.aspx.cs

using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Data.SqlClient;

using System.Configuration;



namespace LV1___Kalkulator

{

    public partial class Login : System.Web.UI.Page

    {

        protected void Page_Load(object sender, EventArgs e)

        {



        }



        protected bool ValidateUser(String username, String password)

        {

            if (Login1.UserName == "tstipic" && // ConfigurationManager.AppSettings["korisnickoime"] &&

               Login1.Password == "password") //ConfigurationManager.AppSettings["sifra"])

            {

                return true;

            }

            else return false;

        }



        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)

        {

            if (e.Authenticated)

            {

                Response.Redirect("Dafault.aspx");

            }

            if (ValidateUser(Login1.UserName, Login1.Password))

            {

                Response.Redirect("Dafault.aspx");

            }

            else

            {

                e.Authenticated = false;

            }

        }

    }

}

This is my web.config file:

<?xml version="1.0" encoding="utf-8"?>



<!--

  For more information on how to configure your ASP.NET application, please visit

  https://go.microsoft.com/fwlink/?LinkId=169433

  -->

<configuration>    

  <system.web>



    <compilation debug="true" targetFramework="4.6.1"/>

    <httpRuntime targetFramework="4.6.1"/>

  </system.web>

  <system.codedom>

    <compilers>

      <compiler language="c#;cs;csharp" extension=".cs"

        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

        warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701"/>

      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"

        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

        warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=&quot;Web&quot; /optionInfer+"/>

    </compilers>

  </system.codedom>

  <appSettings>

    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />

    <add key="korisnickoime" value="user"/>

    <add key="sifra" value="pass"/>

    </appSettings>

  <connectionStrings>

    <add name="konekcijaNaBazu"

       connectionString="Provider=Microsoft.Jet.OLEDB.4.0;

       Data Source=|DataDirectory|ASP_Database.mdb"

       providerName="System.Data.OleDb"/>  

  </connectionStrings>

</configuration>

edited Jan 3 at 8:25

asked Jan 3 at 6:09

Gandeloft

You can follow this article for an idea auth0.com/docs/quickstart/webapp/aspnet-owin/01-login

– Baskar
Jan 3 at 6:14

This link will be helpful aspsnippets.com/Articles/…

– Jeswin Rebil
Jan 3 at 6:15

add a comment |

The user's credentials are hardcoded inside of the Web.config file as keyed values. They are not checked against a database, only against the hardcoded strings.

This is the code that I have:

The design of the login page (it's the Login element from the toolbox, not something manually constructed).

This is the code of that page:
Login.aspx.cs

using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Data.SqlClient;

using System.Configuration;



namespace LV1___Kalkulator

{

    public partial class Login : System.Web.UI.Page

    {

        protected void Page_Load(object sender, EventArgs e)

        {



        }



        protected bool ValidateUser(String username, String password)

        {

            if (Login1.UserName == "tstipic" && // ConfigurationManager.AppSettings["korisnickoime"] &&

               Login1.Password == "password") //ConfigurationManager.AppSettings["sifra"])

            {

                return true;

            }

            else return false;

        }



        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)

        {

            if (e.Authenticated)

            {

                Response.Redirect("Dafault.aspx");

            }

            if (ValidateUser(Login1.UserName, Login1.Password))

            {

                Response.Redirect("Dafault.aspx");

            }

            else

            {

                e.Authenticated = false;

            }

        }

    }

}

This is my web.config file:

<?xml version="1.0" encoding="utf-8"?>



<!--

  For more information on how to configure your ASP.NET application, please visit

  https://go.microsoft.com/fwlink/?LinkId=169433

  -->

<configuration>    

  <system.web>



    <compilation debug="true" targetFramework="4.6.1"/>

    <httpRuntime targetFramework="4.6.1"/>

  </system.web>

  <system.codedom>

    <compilers>

      <compiler language="c#;cs;csharp" extension=".cs"

        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

        warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701"/>

      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"

        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

        warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=&quot;Web&quot; /optionInfer+"/>

    </compilers>

  </system.codedom>

  <appSettings>

    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />

    <add key="korisnickoime" value="user"/>

    <add key="sifra" value="pass"/>

    </appSettings>

  <connectionStrings>

    <add name="konekcijaNaBazu"

       connectionString="Provider=Microsoft.Jet.OLEDB.4.0;

       Data Source=|DataDirectory|ASP_Database.mdb"

       providerName="System.Data.OleDb"/>  

  </connectionStrings>

</configuration>

edited Jan 3 at 8:25

asked Jan 3 at 6:09

Gandeloft

The user's credentials are hardcoded inside of the Web.config file as keyed values. They are not checked against a database, only against the hardcoded strings.

This is the code that I have:

The design of the login page (it's the Login element from the toolbox, not something manually constructed).

This is the code of that page:
Login.aspx.cs

using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Data.SqlClient;

using System.Configuration;



namespace LV1___Kalkulator

{

    public partial class Login : System.Web.UI.Page

    {

        protected void Page_Load(object sender, EventArgs e)

        {



        }



        protected bool ValidateUser(String username, String password)

        {

            if (Login1.UserName == "tstipic" && // ConfigurationManager.AppSettings["korisnickoime"] &&

               Login1.Password == "password") //ConfigurationManager.AppSettings["sifra"])

            {

                return true;

            }

            else return false;

        }



        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)

        {

            if (e.Authenticated)

            {

                Response.Redirect("Dafault.aspx");

            }

            if (ValidateUser(Login1.UserName, Login1.Password))

            {

                Response.Redirect("Dafault.aspx");

            }

            else

            {

                e.Authenticated = false;

            }

        }

    }

}

This is my web.config file:

<?xml version="1.0" encoding="utf-8"?>



<!--

  For more information on how to configure your ASP.NET application, please visit

  https://go.microsoft.com/fwlink/?LinkId=169433

  -->

<configuration>    

  <system.web>



    <compilation debug="true" targetFramework="4.6.1"/>

    <httpRuntime targetFramework="4.6.1"/>

  </system.web>

  <system.codedom>

    <compilers>

      <compiler language="c#;cs;csharp" extension=".cs"

        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

        warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701"/>

      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"

        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

        warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=&quot;Web&quot; /optionInfer+"/>

    </compilers>

  </system.codedom>

  <appSettings>

    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />

    <add key="korisnickoime" value="user"/>

    <add key="sifra" value="pass"/>

    </appSettings>

  <connectionStrings>

    <add name="konekcijaNaBazu"

       connectionString="Provider=Microsoft.Jet.OLEDB.4.0;

       Data Source=|DataDirectory|ASP_Database.mdb"

       providerName="System.Data.OleDb"/>  

  </connectionStrings>

</configuration>

c# asp.net .net

edited Jan 3 at 8:25

asked Jan 3 at 6:09

Gandeloft

edited Jan 3 at 8:25

asked Jan 3 at 6:09

Gandeloft

edited Jan 3 at 8:25

asked Jan 3 at 6:09

Gandeloft

asked Jan 3 at 6:09

Gandeloft

asked Jan 3 at 6:09

Gandeloft

You can follow this article for an idea auth0.com/docs/quickstart/webapp/aspnet-owin/01-login

– Baskar
Jan 3 at 6:14

This link will be helpful aspsnippets.com/Articles/…

– Jeswin Rebil
Jan 3 at 6:15

add a comment |

You can follow this article for an idea auth0.com/docs/quickstart/webapp/aspnet-owin/01-login

– Baskar
Jan 3 at 6:14

This link will be helpful aspsnippets.com/Articles/…

– Jeswin Rebil
Jan 3 at 6:15

You can follow this article for an idea auth0.com/docs/quickstart/webapp/aspnet-owin/01-login

– Baskar
Jan 3 at 6:14

This link will be helpful aspsnippets.com/Articles/…

– Jeswin Rebil
Jan 3 at 6:15

add a comment |

1 Answer
1

active

oldest

votes

Assuming you enabled security, then you need this in your config file:

<?xml version="1.0" encoding="utf-8"?>

<configuration>

    <system.web>

       <authorization>

        <deny users="?"/>

       </authorization>

    </system.web>

</configuration>

What the above means and says:
Do NOT allow anyone to hit a web page unless they are authenticated. If they are not authenticated, then the web server will automatic re-direct users to your logon page. The result is no web page can be hit unless they are logged on. If they manually type in a URL, then the web server will re-direct them to the logon page, because that's the page you setup as the logon page. That setting in web.config is

<authentication mode="Forms">

  <forms loginUrl="~/Account/Login.aspx" defaultUrl="~/Default.aspx" />

</authentication>

So above sets the default web page, but ALSO sets the page that everyone is re-directed to if they attempt to hit a web page without having been authenticated.

answered Jan 3 at 6:50

Albert D. Kallal

16.7k12338

I have implemented this. It seems to have been a step in the right direction, but I'm still experiencing the same results. I input the correct credentials only to be presented with the login page anew.

– Gandeloft
Jan 3 at 8:18

add a comment |

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54017140%2fhow-to-make-it-so-that-only-authenticated-users-can-access-a-page-in-an-asp-net%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

Assuming you enabled security, then you need this in your config file:

<?xml version="1.0" encoding="utf-8"?>

<configuration>

    <system.web>

       <authorization>

        <deny users="?"/>

       </authorization>

    </system.web>

</configuration>

<authentication mode="Forms">

  <forms loginUrl="~/Account/Login.aspx" defaultUrl="~/Default.aspx" />

</authentication>

So above sets the default web page, but ALSO sets the page that everyone is re-directed to if they attempt to hit a web page without having been authenticated.

answered Jan 3 at 6:50

Albert D. Kallal

16.7k12338

I have implemented this. It seems to have been a step in the right direction, but I'm still experiencing the same results. I input the correct credentials only to be presented with the login page anew.

– Gandeloft
Jan 3 at 8:18

add a comment |

Assuming you enabled security, then you need this in your config file:

<?xml version="1.0" encoding="utf-8"?>

<configuration>

    <system.web>

       <authorization>

        <deny users="?"/>

       </authorization>

    </system.web>

</configuration>

<authentication mode="Forms">

  <forms loginUrl="~/Account/Login.aspx" defaultUrl="~/Default.aspx" />

</authentication>

So above sets the default web page, but ALSO sets the page that everyone is re-directed to if they attempt to hit a web page without having been authenticated.

answered Jan 3 at 6:50

Albert D. Kallal

16.7k12338

I have implemented this. It seems to have been a step in the right direction, but I'm still experiencing the same results. I input the correct credentials only to be presented with the login page anew.

– Gandeloft
Jan 3 at 8:18

add a comment |

Assuming you enabled security, then you need this in your config file:

<?xml version="1.0" encoding="utf-8"?>

<configuration>

    <system.web>

       <authorization>

        <deny users="?"/>

       </authorization>

    </system.web>

</configuration>

<authentication mode="Forms">

  <forms loginUrl="~/Account/Login.aspx" defaultUrl="~/Default.aspx" />

</authentication>

So above sets the default web page, but ALSO sets the page that everyone is re-directed to if they attempt to hit a web page without having been authenticated.

answered Jan 3 at 6:50

Albert D. Kallal

16.7k12338

Assuming you enabled security, then you need this in your config file:

<?xml version="1.0" encoding="utf-8"?>

<configuration>

    <system.web>

       <authorization>

        <deny users="?"/>

       </authorization>

    </system.web>

</configuration>

<authentication mode="Forms">

  <forms loginUrl="~/Account/Login.aspx" defaultUrl="~/Default.aspx" />

</authentication>

So above sets the default web page, but ALSO sets the page that everyone is re-directed to if they attempt to hit a web page without having been authenticated.

answered Jan 3 at 6:50

Albert D. Kallal

16.7k12338

answered Jan 3 at 6:50

Albert D. Kallal

16.7k12338

answered Jan 3 at 6:50

Albert D. Kallal

16.7k12338

answered Jan 3 at 6:50

Albert D. Kallal

16.7k12338

I have implemented this. It seems to have been a step in the right direction, but I'm still experiencing the same results. I input the correct credentials only to be presented with the login page anew.

– Gandeloft
Jan 3 at 8:18

add a comment |

I have implemented this. It seems to have been a step in the right direction, but I'm still experiencing the same results. I input the correct credentials only to be presented with the login page anew.

– Gandeloft
Jan 3 at 8:18

I have implemented this. It seems to have been a step in the right direction, but I'm still experiencing the same results. I input the correct credentials only to be presented with the login page anew.

– Gandeloft
Jan 3 at 8:18

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

Search This Blog

Ufyukyu