Security :: Redirect To Different Folders Based On Roles?
Jul 4, 2010
I have implemented membership and enable role based on. I have 2 roles "admin" and "super_admin" and once the user login, I want to redirect them to different folder based on their role. My guess is, the redirection need to be determined once the user clicked login on the login control and here is my code.
[Code]....
However, whenever the user login (regardless of admin or super_admin) the page keeps redirection to Anyone/Default.aspx.
Is there a tutorial on how to redirect user to a specific web page based on his/her role? For example, I have teacher role and student role. When the teachers login, it will redirect the teacher to the teacher web page and the students redirected to the student web page.
I am using Formsauthentication. My situation is as per below:
the login form has codebehind :
protected void LoginButton_Click(object sender, EventArgs e) { TextBox uname = Login1.FindControl("UserName") as TextBox; TextBox pass = Login1.FindControl("Password") as TextBox; CheckBox rm = Login1.FindControl("RememberMe") as CheckBox; Literal fail = Login1.FindControl("Literal1") as Literal; if (Membership.ValidateUser(uname.Text, pass.Text))
[Code].....
Now the problem is that when I try to login with proper credentials it first redirects to default.aspx( there is no such page in my project), after login again with same credentials it properly redirects to the correct page. Why such problem arises? to fix this?
In my project I have one folder called Administration (contains pages created for administrating the public part of the page) and in root I have public pages. What I want to do is to prevent anyone beside administrator to enter the Administration part and to make the Administration/Login.aspx default page for entering Administration part. This part makes me confused. I tried to create the access rules, but that wasn't the option because I upload the images to the Administration/Upload folder so if I deny the users the images on the public part can't be accessed.
The second problem I don't know how to solve is public part of the page where I want to allow commenting only to logged in users (users only, not the admin). How to check if user is logged in and authetificated and how to enable the commenting part of the form to him (textbox and submit button).
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
I am currently having a spot of bother in something im trying to create. I want it so when a user who is in a certain role logs in they are directed to a certain page, and any other normal users are directed to another page.
I think i have this sorted via code but...
-The first time it will work, the 'admin' user will get directed to the appropriate page
-I then log out and log in as a normal user and get directed to the appropriate page
-then when i log out of that users account and back into the admin one i get directed to the normal users page instead.
-additional to this, I tried it on a different machine logging in as the admin user only to be redirected to the normal users page (is my session being stored somewhere?)
Ive traced through the problem and the user name and password being subbmitted are what they should be, yet it skips the true part of my IF statement for being in that role.
Here is my code I am using on the login form:
[Code]....
-When stepping through if seen it work and not work with the same values, I cant understand the logic of its inconsistency
the code i am using for the logout is (this is on my masterpage):
What I want I'm trying to do seems very simple, but I'm having difficulty in understanding what modifications (properties or classes) to make and where (web.config? source code? master.site?)
All I'm attempting to do, using the login.aspx script in Visual Studio 2010, and based on the roles to which I had configured in the ASP.NET configurator, to include access rules, is redirect users to different URLs based upon whether they are Admin or Manager or User.
I'm seeing many different suggestions on the internet, I don't know where to start. =/
I'm trying to redirect users upon login based on their roles which were defined in the Administer website feature of asp.net.Heres what I'm trying protected void Login1_LoggedIn(object sender, EventArgs e)
I have a website where users can login and they have different roles/privileges. I want to have it where the user's view of the webpage is determined by their role. Right now I am storing the role in the UserData property of the FormsAuthenticationTicket class (which is retrieved from a database during login). When the main page is loading, I want it to check the user's role and then only show the controls/portions of the page that are for that role. For example, if the user is not an administrator, they shouldn't be able to click on a button to delete a record. At the moment I am using labels to hide or show areas depending on the user's role. Something like this:
[Code]....
[Code]....
And here is a portion of the markup code with the Labels:
[Code]....
This works, but doesn't seem to be a very good way to handle this type of thing. Is there a cleaner, more elegant way of doing this? Something similar to the LoginView control, but which I can use for roles?
I'm using the built-in membership controls and classes to manage authorization and authentication in my app. Here's what I want to do: If the user is in "Manager" role, I want to send him/her to the manager page no matter where he/she came from. If the user is in "Supervisor" role, I want to send him/her to supervisor page no matter where he/she came from. However, if the user is not in any role, just a registered member, I want to send him/her back to where he/she came from as stated in ReturnUrl. If no, ReturnUrl is specified, I will send him/her to the home page.
On my login page, I'm using the Login server control but in my code behind, there's no method wired to the control because the control takes care of everything. I assume I need to add a method and wire it to the submit button, is that right? If so, I'll have to really handle the login event which means I'll need more info about how to do that.
I have been using the following tutorial and had to convert the code to C# for my project, now i cant get the code to work, im getting red line under the word "in" in the UpdateRolesFromList, i tried to add a datasource on page load for the checkboxlist like so RoleList.DataSource = PopulateRoleList(User.Identity.Name.ToString());and gives me error saying cannot implictly convert type 'void' to 'object' [URL]What am i missing, that when i load the page or even do a search it never displays the checkbox list as it shows in the tutorial?
I need to implement field level security based on the roles. I have a page Employee.aspx . In that i have ten controls. If i am enter as admin role i need to show all the controls. If i am enter as user have to show only five controls. How to design the appplication for control level security?
any user can see Adv page. That is a trouble and a qustion : why and how to hide out of role sitenodes.
little addition : <siteMapNode roles="*"> appears to all nodes If I don't do roles="*" on main node, all users can't see Main node ... And I SiteMapDataSource works only if there 1 node
As mentioned in subject line I'm not able to configure role based website in IIS7. Please find details below.
Environment Details:-
.Net Framework: 3.5
Server: Windows 2008
Webserver: IIS7
Database: SQL Server 2008
Authentication Type: Form Based
Roles/Membership Provider: User defnied.
Problem:-
After setuped my website in iis7 while trying to Login in web page even I entered correct password it says Incorrect password in Login control.After long googling I suspecty that we need to add "Provider to trusted provider" to Authorized provider. I have gone http://www.iis.net/ConfigReference/system.webServer/management/trustedProviders/add but didn't works for me. Can you anyone please help me in this.
i am using asp.net membership. when users arrive at my sight they can enter user name and password.
I then want to redirect them to a page called "MyAccountPage.aspx" which is unique to them. could someone post the c sharp code that I can use to capture the Unique Id of the user is it best to then pass this as a parameter to a control on the aspx page that displays data for that user. am I correct in thinking that I need a UserId column in my data table as well.
I want to know how can i redirect a user to a different page when he tries to access a page restricted to another role?
The scenario is as follows:
I have a folder "Gestao" that only allows users in role "Administrator"
[Code]....
If an anonymous user tries to access that folder he is redirected to the login page, but if a logged in user whose role is "friend" tries to access this folder he is also redirected to the login page. I want to redirect him to a page showing a message that he has no permission to access that page/area.
How can I do that? Should i have code on the Page_load event of the login page checking the user role and then redirect him to the correct page? Or is there some otherway to do this?
I'm not sure if this is possible or not, I'm using Roles to limit what pages a user can access based on there assigned Role. My question, is there anyway to redirect the user to a specific web page based on thier role after they login.
For example:
If Bob logs in with Role="Automotive", I want him to be redirected to Auto.aspx.If sue logs in with Role="Clothing", i want her to be redirected to cloths.aspx.
I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.
I want code in VB.NET to create javascript arrays of the folder contents that can then be used on the client end. I only need arrays for all folders contained in folders starting with ad_ and an array for all the base folders . like so:
var folders=["ad_folder","ad_code","ad_prep","ad_bin"]; var ad_folder=["folderA","folderB","folderC","anotherFolder","etcfolder"]; var ad_code=["folderA","folderB"]; var ad_prep=["folderA","etcfolder"]; var ad_bin=["etcfolder"];
note that I do not know the number of or the names of the folders, they can be different in different cases, I only have the root path.
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
I am currently working on a website with a Tab Container with roughly 5-10 tabs. I would like to have an Admin tab that is disabled to all users except those who are assigned in an Admin role (I have 2 roles, Admins and Customers). I am fairly new to ASP.NET so please bare with me. I have been crashing through it for about 3 weeks now, trying to help a friend get a site up and running!
I'm trying to implement the following adjustments to the default ASP.NET RoleProvider so that it supports hierarchical role definitions. However i cannot create the following function, it keeps Executing the function.
Ref: [URL]
What is wrong with this function?
-- Template generated from Template Explorer using: -- Create Multi-Statement Function (New Menu).SQL -- -- Use the Specify Values for Template Parameters -- command (Ctrl-Shift-M) to fill in the parameter -- values below. -- -- This block of comments will not be included in -- the definition of the function. SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO -- Author: <Author,,Name> -- Create date: <Create Date,,> -- Description: <Description,,> CREATE FUNCTION [dbo].[aspnet_Roles_Ancestor_TVF] ( @RoleId uniqueidentifier ) RETURNS @aspnet_Roles TABLE ( ApplicationId uniqueidentifier , RoleId uniqueidentifier , RoleName nvarchar(256) , LoweredRoleName nvarchar(256) , Description nvarchar(256) , ParentRoleId uniqueidentifier ) AS BEGIN ; WITH aspnet_Roles_CTE ( ApplicationId , RoleId , RoleName , LoweredRoleName , Description , ParentRoleId , HierarchyLevel ) AS (