Home
ASP.NET Forums » General ASP.NET » Configuration and Deployment » Redirect a user with invalid permissions

Redirect a user with invalid permissions

Last post 07-03-2009 9:39 AM by mandrews1234. 3 replies.

Sort Posts:

  • Redirect a user with invalid permissions

    07-02-2009, 4:01 PM

    I have went through and put in web.config files in each folder giving specific roles access or not. Now whenever a user tries to go to a page that they don't have access to, they get redirected to the login page. How do I change that to a generic "sorry you don't have permissions to see this page" page? Also, what is wrong with this if statement I want to redirect the user if they are not either a site admin or a super admin

    If Not ((Roles.IsUserInRole(Membership.GetUser.UserName, "SiteAdmin")) Or ((Roles.IsUserInRole(Membership.GetUser.UserName, "SuperAdmin")))) Then
                Response.Redirect("PermissionsError.aspx")
            End If ' if not roles

    I get an error saying that the specified cast is not valid.

  • Re: Redirect a user with invalid permissions

    07-02-2009, 4:34 PM
    Answer
    • Contributor
      4,478 point Contributor
    • sukumarraju
    • Member since 06-14-2006, 10:01 PM
    • Scotland, UK
    • Posts 1,031
    		 
    //You can use LoginView control to achieve this. Instead of redirecting to 
//permissionsError.aspx you can display the Authorization message on the same 
//page.

<asp:LoginView ID="LoginView1" runat="server">
     <LoggedInTemplate>
          You are not a member of the Supervisors or Administrators roles. Therefore you cannot edit or delete any user information.
     </LoggedInTemplate>
     <AnonymousTemplate>
          You are not logged into the system. Therefore you cannot edit or delete any user information.
     </AnonymousTemplate>
</asp:LoginView>

    • Refer this article that explains in detail.  Please note here are number of videos on security including Role based security.
    • Check this video that explains indetail, how to Authorize using Roles.

    Let me know further Queries.

    -- "Mark As Answer" if my reply helped you --
    Recommended Book
    Application Architecture Guide 2.0
    My Blog

  • Re: Redirect a user with invalid permissions

    07-02-2009, 4:48 PM
    • Member
      16 point Member
    • briangreig
    • Member since 01-07-2006, 1:59 AM
    • Ann Arbor MI
    • Posts 3

     Why not just add this to your Web.config files:

    <system.web>
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="PermissionsError.aspx" />
</customErrors>

</system.web>

    This will redirect all 403 errors (access denied) to your custom page.
    Good Luck,
    Brian

     

  • Re: Redirect a user with invalid permissions

    07-03-2009, 9:39 AM

    Did you guys see my if statement question. What is wrong with that? Also I tried the custom errors thing in my web.config but it still redirects to login.aspx. I can't use a logged in template because they are logged in, they just don't have the correct role. Am I correct on that? Thanks for all of your help.
Page 1 of 1 (4 items)
RSS Available

Contact | Advertise | Ads by BanManPro | Running IIS7
All Rights Reserved. | Terms of Use | Trademarks | Privacy Statement
© 2009 Microsoft Corporation.