Introduction
The following describes the easiest way I have found to force users to log into an ASP.NET website for each session but not require them to accept cookies. You must do the following things.
- Create a Web.config file with the appropriate entries to allow session state management.
- Create a well formed Global.asax file with the code below included in it.
- Create a login page to authenticate users against a database or whatever method you desire.
Code usage
Required Code in the Global.asax
Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
Session("Loggedin") = ""
CheckLoggedIn()
End Sub
Sub Application_OnPostRequestHandlerExecute()
CheckLoggedIn()
End Sub
Sub CheckLoggedIn()
If Session("LoggedIn") = "" And InStr(Request.RawUrl, "Login.aspx") = 0 Then
Response.Redirect("~/Login/Login.aspx")
End If
End Sub
Finally create a Login.aspx file that authenticates the user. If the user is allowed in, set: Session("Loggedin") = "Yes"
That's all there is to it. Hope this helps! Enjoy!