I am currently looking for some advise & help to how I can avoid people from accessing pages unless they are (1) Logged in , (2) Have the correct role to visit that page.
So far I have done a Login Page / Registration Page & Some more Pages.
I also have a database linked to these pages that stores the users & their respective role (Currently on registration the user can select to be an admin or a normal user)
Now I would like that if anyone who is not even a user tries to access a Page by changing the URL , the system would block that and re-direct him to an error page, and so-on so forth.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You can use authorization rules for a particular page or folder in web.config. The below code snippet will only allow access to users with admin role to the AdminFolder.
<location path="AdminFolder"> system.web> <authorization> <allow roles="Admin"/> //Allows users in Admin role <deny users="*"/> // deny everyone else </authorization> </system.web> </location>
You can expand as required. There’s a very useful blog here
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0