PassMark Logo
Home » Forum

Announcement

Collapse
No announcement yet.

Page Protection

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Page Protection

    I have a secure website that is ASP.Net and I maintain security by checking a session id to insure the user is logged on.

    Code Sample:

    If IsNothing(Session(LOGGEDID)) Or Session(LOGGEDID) < 1 Then

    Session(GOBACKPAGE) = "http://LineageSafety/Zoomaspx/SearchAsp.aspx"
    Response.Redirect(LOGONPAGE)
    End If

    If Session(USRLEVEL) < 1 Then
    Response.Redirect(LOGONPAGE)
    End If


    Adding this to the code of a search page is resulting an error message that seems to be related to permission.

    Is there a way to pass session variable to the search page to insure that an individual is logged into the website?

    Thanks

  • #2
    Are you using the classic ASP (search.asp) output or the ASP.NET Server Control (search.aspx) option?

    Where are you putting this code? What is the actual error message?

    What is in "SearchAsp.aspx"?

    It's impossible for us to say without knowing the above.
    --Ray
    Wrensoft Web Software
    Sydney, Australia
    Zoom Search Engine

    Comment


    • #3
      Thanks for your response.

      I am using ASP.Net (search.aspx).

      The code is in the VB Load Page event.


      SearchASP.aspx =

      <%@ Page Title="Search Page" Language="VB" MasterPageFile="SiteSearch.master" AutoEventWireup="false"
      CodeFile="SearchAsp.aspx.vb" Inherits="SearchAsp" %>
      <%@ Register TagPrefix="ZoomASPX" Namespace="ZoomASPX" Assembly="ZoomASPX" %>
      <asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
      </asp:Content>
      <asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">

      <ZoomASPX:ASPXSearch id="ASPXSearch" runat=server/>

      </asp:Content>


      VB behind page:

      Imports Constants

      Partial Class SearchAsp
      Inherits System.Web.UI.Page

      Protected Sub Page_Load(sender As Object, e As System.EventArgs) Handles Me.Load
      If IsNothing(Session(LOGGEDID)) Or Session(LOGGEDID) < 1 Then

      Session(GOBACKPAGE) = "~/SearchAsp.aspx"
      Response.Redirect(LOGONPAGE)
      End If

      If Session(USRLEVEL) < 1 Then
      Response.Redirect(LOGONPAGE)
      End If




      End Sub


      End Class


      This is my first time using a 3rd party control like this, so I may be trying to implement my security incorrectly.

      I am looking to avoid having individuals navigate directly to the search page and be able to access MS Word documents and other available documents without having be authenticated. If there is documentation of a suggested solutions or approach, I am open to going a different way with this.

      Thanks,
      Tim

      Comment


      • #4
        Had a look at the code but really can not tell conclusively from what's given. I don't have the master page, or the imported classes, etc.

        Can you provide us with the exact error message given? That is, the error message when you said, "... Adding this to the code of a search page is resulting an error message that seems to be related to permission."

        If possible, zip up all the related files that would be needed to reproduce the situation, and email them to us.
        --Ray
        Wrensoft Web Software
        Sydney, Australia
        Zoom Search Engine

        Comment

        Working...
        X