Every ASPX page in my company's Web application checks that the user is signed in to the application before displaying the page. One of our clients recently discovered that our WebHelp is available to anyone who types in the correct Web address. They consider this a security hole. My company now wants to put checks around each of the WebHelp pages, so that it will check that the user is signed in to the application before displaying a Help page.
What do we need to do for this to happen? How can we authenticate users in HTML pages? In the ASPX pages, they make a call to a separate file, which does the checking.
Need to check that user is signed in to application
Re: Need to check that user is signed in to application
Your application is online and the help too? Then it's the business of the sys admin: there's something like session IDs that expire as soon as the session is closed.
Inge
"I need input! - Have you got input?"
Re: Need to check that user is signed in to application
I have not tried this myself, but you can use WebHelp Plus for the output and specify that its pages end in .aspx. Then in the masterpage you could add the code that does the checking to see if the user is logged in -- when you build the output, that code will be added to every topic, or at least every topic that points to the masterpage. (So if you use multiple masterpages in your project and the output, then you need to add the ASP code to each masterpage.)
Lisa
Eagles may soar, but weasels aren't sucked into jet engines.
Warning! Loose nut behind the keyboard.
Doug Eaton (Propeller Head, Posts: 68, Joined: Tue Feb 19, 2008 9:47 am)
Re: Need to check that user is signed in to application
Does anyone have additional experience related to this issue? Although our secure web-based application requires a login, WebHelp can be accessed by entering the URL of a Help page. Among other concerns, this raises an export-control issue. Help should be easy to access within the application, but as difficult to get to from outside of the application as is any other content in the application.