Rattlesnake
Freshman
- Joined
- Dec 23, 2003
- Messages
- 47
Hi,
I have developed an ASP.Net (1.1) application. It uses Windows Authentication.
I have a database that contains a USERS table that list all the users that have access to the application.
In the Session_Start sub I read the Request.ServerVariables("LOGON_USER") variable and check the USER table for this username. If the username doesnot exist in the USERS table i redirect him to a webform (UserError.aspx) that displays a message that he doesnot have access to the system. In the page Load of this form I call Session.Clear() and Session.Abandon().
This seems to work fine , but with one glitch. If the user access the application for. e.g. http://server1/App1/Default.aspx
It takes him to the UserError.aspx page. If he refreshes the page once it again takes him to UserError.aspx. But if he refreshes the page a second time , it takes him to the Default.aspx page. I have noticed that on the 2nd refresh the Session.Clear and Session.Abandon are not run.
Any ideas why???
Is there a better way of restricting access to the application. I don't want to use forms authentication.
Thanks
I have developed an ASP.Net (1.1) application. It uses Windows Authentication.
I have a database that contains a USERS table that list all the users that have access to the application.
In the Session_Start sub I read the Request.ServerVariables("LOGON_USER") variable and check the USER table for this username. If the username doesnot exist in the USERS table i redirect him to a webform (UserError.aspx) that displays a message that he doesnot have access to the system. In the page Load of this form I call Session.Clear() and Session.Abandon().
This seems to work fine , but with one glitch. If the user access the application for. e.g. http://server1/App1/Default.aspx
It takes him to the UserError.aspx page. If he refreshes the page once it again takes him to UserError.aspx. But if he refreshes the page a second time , it takes him to the Default.aspx page. I have noticed that on the 2nd refresh the Session.Clear and Session.Abandon are not run.
Any ideas why???
Is there a better way of restricting access to the application. I don't want to use forms authentication.
Thanks