visual studio 2010 - Asp.net Allow access to Admin Only -
i have admin page in secret folder , should accessed admin. way attempted creating session , check if logged in person admin. failed recognise admin. following attempted. can see went wrong? is because admin page in different folder , when created session wouldn't recognise when access admin area? if so, how can overcome this?
if (session["username"] != "admin") { response.redirect("~/notadmin.aspx"); } else { showtables(); }
get username via httpcontext class
var user = httpcontext.current.user.identity.name; if (user!= "admin") { response.redirect("~/notadmin.aspx"); } else { showtables(); } in opinion sessions not work it. if application hosted on load balanced server. if server being load balanced, users lose session state information when load balancer sends request server.
Comments
Post a Comment