Lock certain pages and leave others open

I have a website that show info to all users but if you are logged in you get access to more info and pages then unlogged user does.

Can i use some sessions variables and include them in each of the pages ? 开发者_JAVA百科What is the best way to do this.

Also, what is the best way to make user stay logged in, sort of "Remember me" checkbox. Save a cookie on hdd ?

To answer your first question. The easiest route to go is to have something in your code behind that sets the visible flag on or off of certain controls based on something you've saved in session.

This can get complex fast, so I would play with it a bit and figure out what works best with your business rules.

To answer your second question. You should save something in a static cookie that you can reference later. I personally like saving a GUID in their cookie, which I save a copy of in a local database. When someone re-visits the site, I look for this cookie. If the GUID is present and matches one stored for someone in my Database, I auto-log them in.

I would recommend using ASP.NET Membership. It has a Login control with a "remember me" function. You can also restrict access to pages via the web.config with it.

This is a good series of articles on the subject: https://web.archive.org/web/20211020153319/https://www.4guysfromrolla.com/articles/062508-1.aspx

Membership and authentication is one of the basic needs of every Web-Application and among all feature that .net Framework has provided , ASP.NET Membership is one of greatest one that most of developers founded it useful . If you want you can implement your own Authorization and authentication But recommended to use Authentication and Authorization in ASP.NET

you probably need to implement Authorization mechanism for your application

Here is a Built-in Infrastructure provided by Asp.Net

• User-Based Authorization

For second Question, the best way is to use cookies. have a look at this tutorial

• Read, Write, and Delete Cookies in ASP.NET