I had created  a small intranet application . Here the new user should register before he needs access to the application. Once registered, all the details of him are stored into the database.   Once the user  enter the username and password, it checks in the database whether the user exists or not. As in my case, there are users with three roles : admin, manager and supervisor and I indicated the same in the database. Thats fine and I am able to do it till here . How is it possible to restrict users to view specific pages ? I think , it is possible by using ASP .Net configuration tool(Assigning roles),  but by using it we should create users again and assign roles to them . Right ?  Isn't it possible for the Configuration tool to refer for the users in the database and based on the role he is assigned  give access to specific webpage ?

 I am in urgent need of this  .

Hi,

You can use these tags in your web.config file:

<location path="adminpage.aspx">

<system.web>

<authorization>

<allow roles="Administrators"/>

<deny users="*"/>

</authorization>

</system.web>

</location>

Hi,

you can put in page load event handler for admin pages this

If User.IsInRole("manager") or User.IsInRole("supervisor")  Then

End If

that way you will restrict from view admin pages all users that belong to manager or supervisors group

Hope it helps

Regards

--------------------------------------------------------------------------

Please do not forget to mark as "Answered" the correct answer. Thanks

Hey Bucovich,

                   I am not using any membership controls in this application. I am  following in a traditional approach.  I am not using this ASP .Net configuraion tool for creating / managing users or roles at any point.  Everything should be done by using database because my application supports hundreds of users and it is difficult to create each user with the help of config tool.

              So , Can u please help me or  post any links related to this context.

Hey Bucovich,

                   I am not using any membership controls in this application. I am  following in a traditional approach.  I am not using this ASP .Net configuraion tool for creating / managing users or roles at any point.  Everything should be done by using database because my application supports hundreds of users and it is difficult to create each user with the help of config tool.

              So , Can u please help me or  post any links related to this context.

When user logs in, you can create a cookie with there Username and say "Admin" or "Manager" in there. On page load if the page is only for "Manager"

Check for that in cookie and grant access if its Manager, otherwise redirect with some message.

You can use .NET inbuilt Forms Authentication to achieve it.

 You can customize asp.net mempership and roles to your own needs. There you have all the functionality you need.

This links helped me a lot the first time:

http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx

http://msdn2.microsoft.com/en-us/library/f1kyba5e.aspx#Mtps_DropDownFilterText

http://msdn2.microsoft.com/en-us/library/f1kyba5e.aspx#Mtps_DropDownFilterText

takes some time to read but it's usefull.  

 HI,

You can use form Authentication for this if you dont want to use ASP.NET 2 Builtin controls.

check out this post for form authentication:

http://msdn2.microsoft.com/en-us/library/aa302399.aspx 

 
as its mentioned in the previous post, the Login controls which comes with ASP.NET 2.0 are fully customizable which are time saving if you want.