Could you please validate whether my authentication solution is elegant and safe enough?
Web.config
    <authentication mode="Forms">
      <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
             protection="All" path="/" timeout="30" />
    </authentication>
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
In Logon.aspx.cs I have two methods:
private bool ValidateUser(string userName, string passWord)
private void LoginButton_Click(Object sender, EventArgs e)
Inside the ValidateUser method, all I am doing is executing an SQL query to check whether the entered credentials are similar to the database records.
If the credentials match, I want to redirect to a page called PrivateRoom.aspx, say, using Response.Redirect("PrivateRoom.aspx", true);
What do you guys think about such a design? How elegant is it, and how secure?
Actually, also, how do I protect PrivateRoom.aspx against unauthorized access? Say, I can always go to http://mysite.com/PrivateRoom.aspx and it will open this page.
Thank you for your answers!!!
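
An added example, not part of the original post: one way the two methods in Logon.aspx.cs could look so that the `<deny users="?" />` rule above actually protects PrivateRoom.aspx, using a parameterized query, a salted PBKDF2 password check, and a forms-authentication cookie issued before the redirect. The connection string name `AppDb`, the `Users` table with its `PasswordSalt` and `PasswordHash` columns, the iteration count, and the controls `UserNameTextBox`, `PasswordTextBox` and `ErrorLabel` are assumptions for illustration.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.Security;

public partial class Logon : System.Web.UI.Page
{
    // Assumed schema: Users(UserName nvarchar(256), PasswordSalt varbinary, PasswordHash varbinary).
    private bool ValidateUser(string userName, string passWord)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(passWord)) return false;
        byte[] salt, stored;
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString; // assumed name
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT PasswordSalt, PasswordHash FROM Users WHERE UserName = @u", conn))
        {
            // Bound parameter instead of string concatenation: input is never parsed as SQL.
            cmd.Parameters.Add("@u", SqlDbType.NVarChar, 256).Value = userName;
            conn.Open();
            using (var r = cmd.ExecuteReader())
            {
                if (!r.Read()) return false;          // unknown user
                salt = (byte[])r["PasswordSalt"];
                stored = (byte[])r["PasswordHash"];
            }
        }
        if (stored.Length == 0) return false;
        // PBKDF2-HMAC-SHA256; this constructor overload needs .NET Framework 4.7.2 or later.
        using (var kdf = new Rfc2898DeriveBytes(passWord, salt, 100000, HashAlgorithmName.SHA256))
        {
            byte[] computed = kdf.GetBytes(stored.Length);
            int diff = 0; // compare every byte so timing does not depend on the first mismatch
            for (int i = 0; i < stored.Length; i++) diff |= stored[i] ^ computed[i];
            return diff == 0;
        }
    }

    private void LoginButton_Click(Object sender, EventArgs e)
    {
        if (!ValidateUser(UserNameTextBox.Text, PasswordTextBox.Text))
        {
            ErrorLabel.Text = "Invalid user name or password."; // same text for every failure
            return;
        }
        // Without this cookie the request for PrivateRoom.aspx is still anonymous,
        // and <deny users="?" /> sends it straight back to logon.aspx.
        FormsAuthentication.SetAuthCookie(UserNameTextBox.Text, false);
        Response.Redirect("PrivateRoom.aspx", true);
    }
}
```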