Never Use Master page on login page
Example of login page
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="Admin_Default2" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Untitled Page</title>
<style type="text/css">
.style2
{
height: 23px;
}
</style>
</head>
<body>
<form id="form1" runat="server">
<div><center>
<table>
<tr><td>
<th style="border-bottom:1px solid #000000;" colspan="2">Welcome to admin login page!</th></td></tr>
<tr>
<td>
Name
</td>
<td>
:
</td>
<td>
<asp:TextBox ID="txtname" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
:
</td>
<td>
<asp:TextBox ID="txtpass" runat="server" TextMode="Password"></asp:TextBox>
</td>
</tr>
<tr>
<td >
</td>
<td >
</td>
<td><asp:Button ID="btnsubmit" runat="server" Text="Sign In" align="left"
onclick="btnsubmit_Click" />
</td>
</tr>
</table></center>
</div>
</form>
</body>
</html>
On code behind page
/// create session while login if not redirect to login page
protected void btnsubmit_Click(object sender, EventArgs e)
{
if (txtname.Text.ToString().Trim() == "admin" && txtpass.Text.ToString().Trim() == "enigma")
{
Session["Username"] = txtname.Text.ToString().Trim();
Session["User"] = txtpass.Text.ToString().Trim();
Response.Redirect("Registration.aspx");
}
else
{
Response.Write("Invalid Username and password");
}
}
On master page which is used in internal page
protected void Page_Load(object sender, EventArgs e)
{
Page.Response.AppendHeader("Cache-Control", "no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
This will clear the cache and brower history.
if (Session["User"] == "" || Session["Username"] == "" || Session["User"] == null ||Session["Username"] == null)
{
Session.Abandon();
Session.Clear();
Response.Redirect("Default.aspx");
}
}
default is my login page this is done because if session not available than automatically redirected to login page.
In the Global file Use this it will always prevent from unauthorized user
void Application_Start(object sender, EventArgs e)
{
// Code that runs on application startup
}
void Application_End(object sender, EventArgs e)
{
// Code that runs on application shutdown
}
void Application_Error(object sender, EventArgs e)
{
Exception ex = Server.GetLastError().GetBaseException();
// Code that runs when an unhandled error occurs
}
void Session_Start(object sender, EventArgs e)
{
Session["Username"] = "";
Session["User"] = "";
Session["emailid"] = "";
// Code that runs when a new session is started
}
void Session_End(object sender, EventArgs e)
{
// Code that runs when a session ends.
// Note: The Session_End event is raised only when the sessionstate mode
// is set to InProc in the Web.config file. If session mode is set to StateServer
// or SQLServer, the event is not raised.
}