Hello
This article deals with the problem of getting access to the restricted area of a website even after logging out.
We are not going to use form controls such as the login control.
1) Let us first see what happens when you visit a web page. When a page is loaded into your browser, the browser keeps a copy of it in its cache. Now suppose a user requests the URL http://www.domain.com/restrictedarea/login.aspx. When this URL opens, it asks for a username and password. After successful authentication, the user is redirected to the home page of the restricted area. When that home page loads, a copy of it is stored in the browser cache. When the user clicks logout, we will definitely redirect the user to the login page or any other page of our choice. The problem starts when the user clicks the browser's back button: the cached copy of the page is displayed again, revealing the text of that page to another user on that PC.
2) This needs to be prevented, especially when you are working on a public computer and you don't want that page to be viewed again by an anonymous user.
3) Now let's see the solution.
4) For this demo, we will create two aspx pages: SignIn.aspx and home.aspx.
5) Below is the code of SignIn.aspx
********************
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class SignIn : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // Demo only: the credentials are hard-coded.
        if (this.Login1.UserName == "sa" && this.Login1.Password == "sa")
        {
            // Mark the admin as logged in with a cookie.
            HttpCookie ck = new HttpCookie("AdminLogin", "true");
            ck.Expires = DateTime.MaxValue;
            Response.Cookies.Add(ck);
            Response.Redirect("Home.aspx", true);
        }
    }
}

In the above code, when the user enters a username and password and clicks the sign in button, the credentials are checked. If they are correct, one cookie value is created, Response.Cookies("AdminLogin") = true, to tell the session that the admin login is correct. You are then redirected to home.aspx, which looks like the following
**************
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class Home : System.Web.UI.Page
{
    protected void LoginStatus1_LoggingOut(object sender, LoginCancelEventArgs e)
    {
        // Overwrite the login cookie with "false". A new cookie object is used
        // so that a missing request cookie cannot cause a NullReferenceException.
        HttpCookie ck = new HttpCookie("AdminLogin", "false");
        ck.Expires = DateTime.MaxValue;
        Response.Cookies.Add(ck);
        Response.Redirect("SignIn.aspx");
    }
}
What this page does is simply set the previous cookie value to false and redirect the user to SignIn.aspx.
6) Now the main thing lies in home.aspx
As a simple aspx page, it will be cached in the browser and it will be displayed no matter what you do.
Now we have to tell the home.aspx page that the admin's session is over and that it should not leave a copy of itself in the browser cache.
This is how it is done
***********
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

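public partial class Home : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Tell the browser not to keep a cached copy of this page.
        Response.Cache.SetCacheability(HttpCacheability.ServerAndNoCache);

        // Redirect when the cookie is missing or is anything other than "true"
        // (it is "false" after logout).
        HttpCookie ck = Request.Cookies["AdminLogin"];
        if (ck == null || ck.Value != "true")
        {
            Response.Redirect("SignIn.aspx", true);
        }
    }
}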

The first line tells the page not to cache itself. Then simply check the cookie value we created in SignIn.aspx and make sure that it is not false or null. If it is, redirect the user to SignIn.aspx.
This will work even when you press the back button of the browser.
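A hardened variant of the same idea, added here as an example and not part of the article's own code. It assumes forms authentication is enabled in web.config; the names RestrictedPage and SignOutAndLeave are hypothetical. A plain AdminLogin cookie can be set to "true" by anyone who edits their cookies, so this version relies on the server-protected forms-authentication ticket and also sends no-store.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base class (name is an assumption): every page in the
// restricted area inherits from it instead of System.Web.UI.Page.
public class RestrictedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        // Keep the browser and shared proxies from storing a copy that the
        // Back button could replay after logout.
        Response.Cache.SetCacheability(HttpCacheability.NoCache); // Cache-Control: no-cache
        Response.Cache.SetNoStore();                              // adds no-store
        Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));   // already expired

        // The forms-authentication ticket is encrypted and validated by the
        // server by default, so editing a cookie value does not grant access.
        if (!Request.IsAuthenticated)
        {
            Response.Redirect("SignIn.aspx", true);
        }

        base.OnInit(e);
    }

    // Call this from the logout handler of any restricted page.
    protected void SignOutAndLeave()
    {
        FormsAuthentication.SignOut();          // expires the ticket cookie
        Response.Redirect("SignIn.aspx", true);
    }
}

// In SignIn.aspx.cs, after the credentials have been verified:
//     FormsAuthentication.SetAuthCookie(userName, false); // session cookie, not persistent
//     Response.Redirect("Home.aspx", true);
```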
That's it.
I hope this basic security info will be helpful to many visitors.
Bye and have a nice day

You can download the code from here.

If it is helpful, please don't forget to leave a comment.