I'm new in asp.net mvc and i need to check if a user is logged in or not in my application so i place the following piece of code in my global.asax
void Application_PreRequestHandlerExecute(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
HttpContext context = application.Context;
string filePath= context.Request.FilePath;
string fileExtention = VirtualPathUtility.GetExtension(filePath);
// to skip request for static content like (.css or .js)
if (fileExtention == "")
{
if (filePath.ToLower() != "/account/login")
{
var user = (Utilisateur)context.Session["USER"];
if (user == null)
context.Response.Redirect(@"~/account/login");
}
}
}
I intercept each incoming request to do the checking I'd like to know if there are other ways to do this kind of work and thanks in advance.
Do you need to do it this way? You should check, if you can use asp.net authentication, authorization and membership providers. (They are automatically generated when you make new ASP.NET MVC 3 Application [when you leave the 'Internet Application' checked]).
You can then use annotation for controllers and actions: (pseudocode):
This allows access to controller only to authorized users (you can even specify which users or which roles are allowed): [Authorize(Roles = "Administrators")]
[Authorize]
controller{.....}
And to check if user is logged in, there is already User property with Identity property.
This code checks if user is Authenticated (logged in):
controller...() {
...
if (User.Identity.IsAuthenticated) ...
...
}
Since you mentioned you have your own "module" that works with several databases, I think you should implement this module as a standard ASP.NET / MVC custom membership/authentication provider. You can then use HttpContext.User.Identity.IsAuthenticated and limit the access to your controller's actions (or the whole controller) by decorating it with [Authorize] attribute.
来源:https://stackoverflow.com/questions/5484786/asp-net-mvc-and-check-for-if-a-user-is-logged-in