In my application I have different roles and offcourse multiple pages. How do I secure webpages that may not be accessed by certain roles?
Imagine group 1 has access to webpage a.aspx, b.aspx and c.aspx but not to webpage d.aspx. How do i secure that when a user of group 1 types in d.aspx he cannot view the page?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You have to add in web.config, which Role can get which page.
<location path="yourPage.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow roles="Super Admin"/>
<deny users="Admin"/>
</authorization>
</system.web>
</location>
Method 2
This is a big topic but I think what you want to look into is the ASP.NET Membership Provider.
I would start here: Examining ASP.NET 2.0’s Membership, Roles, and Profile.
There’s one thing messageboard
websites, eCommerce websites, social
network websites, and portal websites
share in common: they all provide user
accounts. These websites, and many
others, allow (or require) visitors to
create an account in order to utilize
certain functionality. For example, a
messageboard website, like
ASPMessageboard.com, allows anonymous
and authenticated visitors to view and
search the posts in the various
forums. However, in order to be able
to post a new thread or reply to a
message a visitor must have an account
and must log into the site.
Method 3
This might help you.
Authorization module which applies authorization to matching urls:
http://code.google.com/p/talifun-web/wiki/RegexUrlAuthorizationModule
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0