Restricting Access to the Order Status Page

Because an order is specifically tied to a user, we must make sure that the user has logged in to the site and has been authenticated. Doing so ensures that the user will see only the order she placed on the site and will not be able to look at anyone else's orders.

To implement this functionality, we must ensure that the order status page is protected from anonymous users. An anonymous user is one who has not been authenticated, meaning the application doesn't know the identity of the user. In ASP.NET, limiting access to a page to only authenticated users is actually a simple task.

The page that we restrict to only authenticated users is actually MyProfile.aspx. Listing 17.1 shows the settings required ...
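
A web.config fragment that restricts MyProfile.aspx to authenticated users, given here as an added example; it is not the book's Listing 17.1. Forms authentication and the Login.aspx login page are assumptions.

```xml
<!-- web.config at the application root (constructed example, not the book's listing) -->
<configuration>
  <system.web>
    <!-- Assumption: the site uses forms authentication; Login.aspx is a hypothetical login page. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" />
    </authentication>
    <!-- Site-wide default: everyone, including anonymous users, may browse. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Override for the one protected page. "?" stands for anonymous users, so this
       rule rejects any request that has not been authenticated, and forms
       authentication redirects that request to loginUrl. -->
  <location path="MyProfile.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

This rule only establishes that the caller is authenticated. The page still has to select orders by the authenticated identity (for example `User.Identity.Name`) rather than by an order or user identifier taken from the request.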
