Wednesday, July 9, 2008

Securing Website Folders

We can restrict access to certain folders of our website based on the roles we have defined in the Membership API. The following configuration ensures that only users in the Member role can access that section of the site:

<configuration>
  <system.web>
    <authorization>
      <!-- Rules are evaluated top-down and the first match wins, so the allow must come before the deny -->
      <allow roles="Member" />
      <!-- "*" means every user, authenticated or not -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
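To make the rule semantics concrete, here is an added Python model (not ASP.NET's own code) of how the UrlAuthorizationModule evaluates this block: rules are checked top-down, the first match wins, and a deny of `*` placed before the allow locks every user out. The `*`/`?` wildcards and the fall-through allow reflect ASP.NET's documented behaviour; the sample configs and user names are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's web.config fragment as it would sit in the secured folder.
MEMBER_ONLY_CONFIG = """<configuration>
  <system.web>
    <authorization>
      <allow roles="Member" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>"""

# Same rules with the order reversed: a common misconfiguration that denies everyone.
REVERSED_CONFIG = MEMBER_ONLY_CONFIG.replace(
    '<allow roles="Member" />\n      <deny users="*" />',
    '<deny users="*" />\n      <allow roles="Member" />')


def load_rules(config_xml):
    """Return the <authorization> rules as (verb, users, roles) tuples in document order."""
    root = ET.fromstring(config_xml)
    rules = []
    for rule in root.find("system.web/authorization"):
        users = [u.strip().lower() for u in rule.get("users", "").split(",") if u.strip()]
        roles = [r.strip().lower() for r in rule.get("roles", "").split(",") if r.strip()]
        rules.append((rule.tag, users, roles))  # rule.tag is "allow" or "deny"
    return rules


def rule_matches(users, roles, username, user_roles):
    """'*' matches everyone, '?' matches anonymous users, otherwise match by name or role."""
    if "*" in users or ("?" in users and username is None):
        return True
    if username is not None and username.lower() in users:
        return True
    return any(r.lower() in roles for r in user_roles)


def is_authorized(rules, username, user_roles=()):
    """First matching rule decides; username None models an anonymous request."""
    for verb, users, roles in rules:
        if rule_matches(users, roles, username, user_roles):
            return verb == "allow"
    # No rule matched: the machine-level root config ends with <allow users="*" />
    return True
```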


This requirement is enforced by ASP.NET using both Forms Authentication and the Membership API. When a user requests the secured folder, the username is extracted from the authentication cookie previously issued by Forms Authentication. That username is then looked up through the Membership API to check whether it belongs to one of the allowed roles. If so, the page is rendered; otherwise, the user is redirected to the Forms Authentication login URL.
