Hope I can get a quick bit of help on the best way to proceed with a security related question.
When my main page loads I would like it to complete a check against a database to make sure it's 'recognised'. The check would involve passing a parameter from the Web.Config file to a MSSQL database. If the database comes back with a positive result (via a stored proc), the application should continue to run. If it does not come back with the OK, it should alert the user, possibly with a redirect.
I have the DB setup and the stored proc running well. I can call the proc and compare it to the web.config value. I set up the code to compare the values inside session_start of Global.asax, redirecting via response.redirect("errorPage.aspx") if it didn't.
First time around it worked great. I gave the web.config file a fake value and the page re-directed me as required. The only problem being I could change the address bar URL to another page name and it loaded correctly. I guess it saw the session as started and didnt run the check.
I finally tried putting in a session.abandon() before the redirect, the the pages just loop forever until I broke the debugger.
What's the best way to do this check, against any page request in the solution?
View Complete Post