I have some created web forms and I need to check whether the user is authenticated or not, before displaying the other web forms. All the users can access Default.aspx and About.aspx pages.
And I have three types of users namely- Admin,User and Super User. Also, I keep the authentication details in my own SQL server db.
How can I do this?
Thanks in advance!
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
First establish membership and role provider. There is whole story about it. I will give a help here.
Here is link to SqlMembershipProvider (one of the options you can take):
http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.aspx
Here is link to SqlRoleProvider (again only one of the options you can take)::
http://msdn.microsoft.com/en-us/library/system.web.security.sqlroleprovider.aspx
After you have established this you can limit user/role access on folder level. Put this code to web.config (inside configuration tag):
<location path="AdminPages">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="UserPages">
<system.web>
<authorization>
<allow roles="Administrator,User"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Here is little explaination. Root folder “AdminPages” will be alowed only to users in role “Administrators”. Root folder “UserPages” to users in role “Administrator” and “User”. In both cases unknown users will not be allowed to access folders. This is all you need. Alternative to this is to create class that inherits from Page and then there handle page access… however I would not go that way.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0