As a glutton for unproven sexual tricks, I adopted System.Web.Routing in my Web Forms application for managing navigation, etc. In addition, I hope to transfer role-based protection from web.config to route definitions, so I can say that "this route is only available for x, y roles."
So, I have a class that implements IRouteHandler and before it tries to load a specific page, which it checks to see if the user is installed in this set of allowed roles. My question is: if this is not the case, how do I redirect to the login page for this handler? I know that you can load the login page for this instance, but I would prefer a clean redirect using the "returnto" page and all.
public IHttpHandler GetHttpHandler(RequestContext requestContext) { if ( AllowedRoles != null ) { bool allowed = false; for ( int i = 0; i < AllowedRoles.Length; i++ ) { if ( requestContext.HttpContext.User.IsInRole( AllowedRoles[i] ) ) { allowed = true; break; } } if ( !allowed ) { ??? } }
source share