0

I have an ASP.NET MVC application with a number of pages. I'm trying to authenticate the user before opening a page.

I have created a Login page that works and authorizing a user.

However, when I enter the page URL directly in the browser, I'm able to open it.

How can I restrict the user from opening the page directly?

tereško
  • 58,060
  • 25
  • 98
  • 150
gene
  • 2,098
  • 7
  • 40
  • 98
  • What programming language are you using? Do you have a construct in the Controller class that renders the Views? If so, you could check for a authenticated session inside the construct (or inside the function that renders a page view), and if there isn't one, route them to the login page. – Woodrow May 24 '17 at 21:08
  • I'm using C#. I tried to use [Authorize] Attribute before every controller and looks like it is working – gene May 24 '17 at 21:20
  • Don't know if this might help: https://stackoverflow.com/questions/2204766/how-to-check-if-user-is-authorized-inside-action – Woodrow May 24 '17 at 21:26

0 Answers0