How to ensure user accepts terms and conditions on ASP.NET site
We're modifying an existing ASP.NET application. We added a Terms and Conditions page with an "Accept" button that stores that choice in the user's account data. We want to prevent the user from accessing any page when the user has not accepted the Terms and Conditions.
I think we want to do this by looking up the "accepted terms" value upon login and storing it in the session. Then we need to intercept every request and check for that session value. (If it's not there, we redirect the user to the Terms and Conditions page.)
Is the PreRequestHandlerExecute method the right place to put this check? This method also gets called on requests for stylesheets and images, so it doesn't seem like it was intended for this purpose.
You could take the short way out and put a disclaimer on your login page that by logging in, the user agrees to the (link)Terms and Conditions.(/link) One place I worked, Legal was fine with that and I've seen it plenty of other places.
Are you using the membership and role providers? You could define a role for users who have accepted the T&Cs and limit access to that role through web.config or other means. Another advantage of this approach is that you could define additional roles if (when) T&Cs change and easily force users to accept the new T&Cs.
It is a generic handler, so it gets called for everything. Just put a bit of logic at the top of your handler that exits if it isn't a page you want to control access to.
I have a similar requirement and what I did was to put my validation logic in a base class and make all forms that need this validation inherit my base class.
That way the validation only runs on forms I want, no problems with requests to static content etc...
PreRequestHandlerExecute is the easiest handler that I've found so far. I'll typically use it when I need to assess the value of Session variables before every request, which is similar to what you're doing.
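    // Global.asax code-behind
    protected void Application_PreRequestHandlerExecute(Object sender, EventArgs e) {
        // Only handlers that use session state (pages, not static files) pass this test
        if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState) {
            // Business Logic Here
        }
    }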
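One way to fill in the check discussed in this thread, as an added example that is not code from any of the posters. The session key and the page paths (`AcceptedTerms`, `~/Terms.aspx`, `~/Login.aspx`) are assumed names; the check exempts the pages needed to accept the terms and treats a missing session value as "not accepted".

```csharp
using System;
using System.Web;
using System.Web.SessionState;

public class Global : HttpApplication
{
    // Assumed names for illustration; substitute the application's own.
    private const string AcceptedTermsKey = "AcceptedTerms";
    private const string TermsPage = "~/Terms.aspx";
    private const string LoginPage = "~/Login.aspx";

    protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
    {
        // Stylesheets and images are not served by session-aware handlers,
        // so they skip the check (and Session would not be available for them).
        if (!(Context.Handler is IRequiresSessionState ||
              Context.Handler is IReadOnlySessionState))
            return;

        // Anonymous requests are left to the site's normal authentication rules.
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return;

        // Exempt the pages the user needs in order to log in and accept;
        // without this the redirect below loops forever.
        string path = Request.AppRelativeCurrentExecutionFilePath;
        if (IsSamePage(path, TermsPage) || IsSamePage(path, LoginPage))
            return;

        // Fail closed: a missing or non-boolean value counts as "not accepted".
        // The value is set server-side at login and by the Accept button handler.
        bool accepted = (Session[AcceptedTermsKey] as bool?) == true;
        if (!accepted)
        {
            // endResponse: true ends the request here, so the protected page
            // never executes.
            Response.Redirect(TermsPage, true);
        }
    }

    private static bool IsSamePage(string path, string page)
    {
        return string.Equals(path, page, StringComparison.OrdinalIgnoreCase);
    }
}
```

The Accept button handler should set `Session["AcceptedTerms"] = true` only after the choice has been saved to the user's account data, so the session value never gets ahead of the stored record.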