1

I have a standard ASP.NET website with Forms Authentication.

The "Moderators" role which some users have, should allow them to access the "/moderators/" folder. However if a user who is not in the moderators role tries to access this folder, they are redirected to the standard login page, despite the fact they are already logged in.

This is configured in web.config:

    <location path="moderators/" inheritInChildApplications="false">
      <system.web>
      <authorization>
          <allow roles="Moderators" />
          <deny users="*" />
       </authorization>
      </system.web>
    </location>

How can I force them to a different page explaining they are not in the role rather than the login page?

I have more than one role with this problem, so I need to direct them to a different URL depending on the Role they are missing.

NickG
  • 9,315
  • 16
  • 75
  • 115
  • Just add some code in your `Login.aspx` page, if user is authenticated (`User.IsAuthenticated`) then redirect to the page you want with `Response.Redirect()`. – Adriano Repetti Mar 27 '14 at 10:23
  • No that won't work. That would redirect ANY user who hits the login page, who is already logged in to the "you're not in the role" page. I only want users to be redirected if they've tried to access one of the restricted pages. Bear in mind too that I have multiple roles and I would need to send them to the correct page for the role concerned. – NickG Mar 27 '14 at 10:33

1 Answers1

0

One way of doing this which would be to parse the requested path out of the ReturnUrl querystring variable.

eg assuming they get redirected to:

/login.aspx?ReturnUrl=%2fModerators

...then in Page_Load of login.aspx:

if (Context.User.Identity.IsAuthenticated)
{
    string returnUrl = Request.QueryString["ReturnUrl"];
    if (!string.IsNullOrEmpty(returnUrl) 
            && returnUrl.StartsWith("/moderators")
            && !Context.User.IsInRole("moderators")))
    {
        Response.Redirect("~/not-in-role.aspx?role=Moderators");
    }
}
NickG
  • 9,315
  • 16
  • 75
  • 115