Asp.net Form Authentication

I am working on an ASP.NET application where I have 4 roles: 1. Administrator 2. User 3. Reseller 4. Affiliate program. I use authentication for this, and everything works fine for a single role (User). But now I have 4 roles, and I do not understand how this can be done. I have 4 folders for the different users. If I log in with a reseller account and change the URL to the user one, I am also allowed to access the user part. But I do not want this. I need each user to be able to access only their own area in my application. That is, if a reseller has registered, he can only access the reseller pages, i.e. the same folder.

Please help me find this solution.

+5
5 answers

There are two things here. First of all, restricting access to each folder by role should be quite simple if you use <location> elements in your web.config, for example:

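<location path="Resellers">
    <system.web>
        <authorization>
            <allow roles="Reseller"/>
            <!-- deny everyone else; the * wildcard goes on the users attribute -->
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

<location path="Users">
    <system.web>
        <authorization>
            <allow roles="User"/>
            <!-- deny everyone else; the * wildcard goes on the users attribute -->
            <deny users="*"/>
        </authorization>
    </system.web>
</location>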
...

Also, on your individual pages, you can call the IsUserInRole function to check if your user has the correct role to access the page.

You might want to get a copy of Starting with ASP.NET protection; it has some great information on how to do this.

+1

web.config , , :

[PrincipalPermissionAttribute(SecurityAction.Demand, Role = @"Administrators")]


+1

web.config , , ..

<authorization>
  <deny users="?" />
  <allow roles="Administrators" />
  <deny users="*" />
</authorization>


0

web.config, . , web.config, :

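<authorization>
  <!-- rules are evaluated top to bottom and the first match wins, so the allow comes before the catch-all deny -->
  <allow roles="Resellers"/>
  <deny users="*"/>
</authorization>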


0

Use the code below:

<location path="Users">
    <system.web>
        <authorization>
            <allow roles="Users"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>
0
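Added example, not part of any answer above and not ASP.NET's own code: a simplified Python model of how the `<authorization>` rules in the answers are evaluated (first matching rule wins, folder rules before inherited ones, machine-wide default allow at the end). It shows why a folder without a `<location>` block stays open to any logged-in role and why rule order matters. The sample config, the `Broken` folder, the user names and the `is_allowed` helper are constructed for illustration; verbs, nested paths and case-insensitive matching are left out.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Resellers is locked down, Users has no <location> block,
# and "Broken" has its deny rule placed before the allow rule.
WEB_CONFIG = """
<configuration>
  <system.web>
    <authorization><deny users="?"/></authorization>
  </system.web>
  <location path="Resellers">
    <system.web><authorization>
      <allow roles="Reseller"/>
      <deny users="*"/>
    </authorization></system.web>
  </location>
  <location path="Broken">
    <system.web><authorization>
      <deny users="*"/>
      <allow roles="Reseller"/>
    </authorization></system.web>
  </location>
</configuration>
"""

def _names(rule, attr):
    """Split a comma-separated users/roles attribute into a set."""
    return {v.strip() for v in rule.get(attr, "").split(",") if v.strip()}

def _rules(node):
    """Return [(action, users, roles)] for the <authorization> under node."""
    auth = node.find("system.web/authorization") if node is not None else None
    return [(r.tag, _names(r, "users"), _names(r, "roles"))
            for r in (auth if auth is not None else [])]

def is_allowed(config_xml, folder, user, roles):
    """Hypothetical helper; user=None means an anonymous request."""
    root = ET.fromstring(config_xml)
    loc = next((l for l in root.findall("location") if l.get("path") == folder), None)
    # Folder rules first, then the application rules, then the default allow-all.
    chain = _rules(loc) + _rules(root) + [("allow", {"*"}, set())]
    for action, users, rule_roles in chain:
        user_hit = ("*" in users or (user is None and "?" in users)
                    or (user is not None and user in users))
        if user_hit or rule_roles & set(roles):
            return action == "allow"   # first matching rule decides
    return False
```

Running it for a reseller against `Users` returns `True`, which is the behaviour the question describes; adding a `<location path="Users">` block like the ones in the answers closes it.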