I am currently looking for some advise & help to how I can avoid people from accessing pages unless they are (1) Logged in , (2) Have the correct role to visit that page.
So far I have done a Login Page / Registration Page & Some more Pages. I also have a database linked to these pages that stores the users & their respective role (Currently on registration the user can select to be an admin or a normal user)
Now I would like that if anyone who is not even a user tries to access a Page by changing the URL , the system would block that and re-direct him to an error page, and so-on so forth.
You can use authorization rules for a particular page or folder in web.config
. The below code snippet will only allow access to users with admin role to the AdminFolder
.
<location path="AdminFolder">
system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>
You can expand as required. There's a very useful blog here
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.