roles in web.config

  • Thread starter Thread starter scottw512
  • Start date Start date
S

scottw512

Hi,

We have roles defined in web.config and have setup our roles system
where we can use User.IsInRole. The problem is that when a page fails
a role check, ASP.NET redirects it to the Forms Authentication login
page, instead of throwing a 403 HTTP exception that I can catch and
redirect to a not authorized page. How can I catch when this happens
and override the default behavior?

Scott
 
Hi,

We have roles defined in web.config and have setup our roles system
where we can use User.IsInRole. The problem is that when a page fails
a role check, ASP.NET redirects it to the Forms Authentication login
page, instead of throwing a 403 HTTP exception that I can catch and
redirect to a not authorized page. How can I catch when this happens
and override the default behavior?

Scott
Click to expand...

The easiest way would be to let the forms tag in web.config point to your
not-authorized page.
<authentication mode="Forms">
<forms loginUrl="notauthorized.aspx" />
</authentication>

This will redirect your non authenticated users to that page when they want
to access a not authorized page.

Then, you could put a link to the login page on this not-authorized page,
and everywhere else where appropriate.
 
Back
Top