Role Based Forms Authentication in ASP.Net
a member of site alone will not entitle the user to access all the resources
of a website. Different types of users are allowed to access different
contents based on their roles. This method of access can be easily implemented
if the authentication used is Windows and each and every user of the site
has a windows login. But this is not the case in all scenarios. You are
required to provide role based authentication for even users without a
windows login. This is possible with role based forms authentication which
can be done easily. The algorithm for achieving the role based forms authentication
is given hereunder in this content.
the login page
the Application_AuthenticateRequest event handler in the Global.asax file
to get the stored role value and generate a new principal.
The above steps are performed to complete the role based authentication in ASP.Net. You should have organized your website content in folders based on user roles which makes it easy for you to grant permissions for the users to access those contents. A web.config file must be present in the root of the web applications directory for the role based forms authentication to function properly. It is possible to override the authorization in the web.config files in the sub-directories.
A sample code for the web.config file in the root directory of the web application would look something like given below:
This web.config file can be split so that you can delete some <location> block in the above code and have a separate web.config file for the sub-directories. In that case it is enough if you have only the <configuration>, <system.web>, <authorization>, <allow>, and <deny> elements in the web.config file in the sub-directory.
.NET Programming Tutorial Homepage ______________________________________________________
Visit .NET Programming Tutorial Homepage