Hi all,
Hope I can get a quick bit of help on the best way to proceed with a security related question.
When my main page loads I would like it to complete a check against a database to make sure it's 'recognised'. The check would involve passing a parameter from the Web.Config file to a MSSQL database. If the database comes back with a positive result (via a stored proc), the application should continue to run. If it does not come back with the OK, it should alert the user, possibly with a redirect.
I have the DB setup and the stored proc running well. I can call the proc and compare it to the web.config value. I set up the code to compare the values inside session_start of Global.asax, redirecting via response.redirect("errorPage.aspx") if it didn't.
First time around it worked great. I gave the web.config file a fake value and the page re-directed me as required. The only problem being I could change the address bar URL to another page name and it ...
Go to the complete details ...