1

I have an ASP.NET code-behind file with the following code:

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            if (User.Identity.IsAuthenticated)
            {
                // controls for authenticated users are rendered here
            }
        }
    }

The piece of code that comes after is used to render some controls and should only be visible to authenticated users; I'm using ASP.NET Identity.

My question is this: should I leave my code as is or would it be more secure to rewrite it like this:

    protected void Page_Load(object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated)
        {
            if (!IsPostBack)
            {
                // controls for authenticated users are rendered here
            }
        }
    }

halfer
frenchie
  • 1
    You could decorate it with `[Authorize]`, see http://stackoverflow.com/questions/10848086/authorize-attribute-in-asp-net-mvc – TheGeekZn Feb 25 '14 at 13:10
  • 2
    Is a postback possible for an unauthenticated user? If so, you should probably leave it. – Tim Feb 25 '14 at 13:12

1 Answer

4

The second way is simply best, because the next code is only hit if the user is authenticated.

    protected void Page_Load(object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated)
        {
            if (!IsPostBack)
            {
                // ...
            }
        }
    }

I have written this code to follow the ASP.NET page life cycle:

SILVER

  • I-Init

  • L-Load

  • V-Validation

  • E-Event

  • R-Rendering

So the better approach is code that looks like this:

    protected void Page_Load(object sender, EventArgs e) // Load
    {
        if (User.Identity.IsAuthenticated) // Validation
        {
            if (!IsPostBack)
            {
                // Rendering
                // ...
            }
        }
    }

Ramesh Rajendran
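
An added example, not part of the question or the answer above: both nestings reach the rendering code under the same condition (first load and authenticated user), and neither branch runs on a postback, which is the case Tim's comment asks about. The code-behind below makes the check on every request and again in an event handler; the page name `Members`, the controls `MemberPanel`, `WelcomeLabel`, `StatusLabel` and `SaveButton`, and the `~/Account/Login` path are assumed names.

```csharp
using System;
using System.Web.UI;

// Code-behind for a hypothetical Members.aspx. Assumed markup (not from the question):
//   <asp:Panel ID="MemberPanel" runat="server" Visible="false">
//     <asp:Label ID="WelcomeLabel" runat="server" />
//     <asp:Button ID="SaveButton" runat="server" Text="Save" OnClick="SaveButton_Click" />
//   </asp:Panel>
//   <asp:Label ID="StatusLabel" runat="server" />
// The control fields are declared in the generated designer file.
public partial class Members : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Page_Load runs on the first GET and on every postback, so the
        // authentication check comes before the IsPostBack test.
        if (!User.Identity.IsAuthenticated)
        {
            MemberPanel.Visible = false;
            // Assumed login path. Redirect(url) ends the response here,
            // so no control event handler runs for this request.
            Response.Redirect("~/Account/Login");
            return;
        }

        MemberPanel.Visible = true;

        if (!IsPostBack)
        {
            // First load only; on postbacks view state restores the text.
            // Label.Text is not encoded automatically, so encode the name.
            WelcomeLabel.Text = "Signed in as " + Server.HtmlEncode(User.Identity.Name);
        }
    }

    protected void SaveButton_Click(object sender, EventArgs e)
    {
        // Handlers run only on postbacks, where the !IsPostBack branch is
        // skipped, so the handler makes the same check itself.
        if (!User.Identity.IsAuthenticated)
        {
            return;
        }
        StatusLabel.Text = "Saved for " + Server.HtmlEncode(User.Identity.Name);
    }
}
```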