Hi

Is it possible to specify in the web.config file in each folder that requires forms authentication which page the user should be redirected to if they do not have the correct permissions.

e.g

•     Admin folder (redirect to ~/logout.aspx)
• Report Admin (redirect to ~/permission.aspx)
• Stats Admin (redirect to ~/permission.aspx")
       etc

in my root web.config I have...
 

<authentication mode="Forms">
      <forms loginUrl="~/logout.aspx" ...></forms>
</authentication>

<configuration>
  <system.web>
    <authorization>
      <allow roles="ClauseAdmin" />
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

Has anyone successfully done this? Is this impossible
I suppose I will have to think of a work around.

Thanks Rippo
 

Hi

I suggest you don't restrict page in web.config using authorization section. Instead, you can handle the authorization in page_load event, then redirect to whatever page you want. If you don't like the hard coded way, what about store the rule in <appSettings>

e.g: 

<appSettings>

   <add key="FolderName" value="Admin" />

   <add key="LoginUrl" value="Admin\login.aspx" />

</appSettings>

--------------read in code behind------------

if (! User.IsInRole("ClauseAdmin")) {

  string FoerName= ConfigurationSettings.AppSettings["LoginUrl"];
  Response.Redirect(FoerName);

}

Hi this seems to be a very good idea. i tried it on one folder and it working in essence. Are you able to provide a bit more elaborate example on how i can achieve this on 3 difference folders please

 You can also do this directly in CB in your login page

//REDIRECTION AFTER LOGIN BASED ON USER ROLE
    protected void mainLogin_LoggedIn(object sender, EventArgs e)
    {
        if(Roles.IsUserInRole(mainLogin.UserName, "MasterAdmin"))
        {
           Response.Redirect("~/MasterAdmin/Default.aspx");
        }
        else if(Roles.IsUserInRole(mainLogin.UserName, "CustomerAdmin"))
        {
            Response.Redirect("~/CustomerAdmin/Default.aspx");
        }
        else if (Roles.IsUserInRole(mainLogin.UserName, "User"))
        {
            Response.Redirect("~/User/Default.aspx");
        }
        else
        {
            Response.Redirect("~/Default.aspx");
        }
    }

Tell me if I am right in thinking...

Wouldnt this need to be done on every page in the secure folder?

And this method assumes that ther is only one login page that directs the request. but i waas thinking to kave individual login pages inside the secure folders?

so if anyone tried to navigate directly to say MasterAdmin\aaa.aspx they will see a login page within the MasterAdmin folder and so and so forth.

in your previous example you are using appsetting with Key 'FolderName' i wonder what is that used for?

Thanks for you help...