0

I'm using Asp.net Identity.

Currently have 7 types or roles in the system. A user can only have 1 role. How can I set the redirect URL based on the user role if that user lands on a protected page that his role doesn't have privilege to?

For example a Student user of role Student goes to Teacher.aspx. He is not authorized so the default is that he is redirected to the login page. But I would much rather redirect him somewhere else depending on his role because he is already logged in.

darren
  • 18,845
  • 17
  • 60
  • 79
  • What have you tried so far? There are a lot of questions on here about access rights and redirects on certain pages. – DanM7 May 21 '14 at 14:59
  • well basically I'm just using a web.config within the folder of the pages I want to protect. There I specify which roles are allowed. That's the only authorization I've done now. In my App_Start / Startup.Auth.cs I have specified my login page. Now it's come up that a user might be authenticated but still not allowed to view pages for other roles. I can check on the page load of every page for the user role and redirect but I was wondering if there was a better way, something perhaps that just needs some setup already part of asp.net identity. – darren May 21 '14 at 16:22

1 Answers1

0

User the System.Web.Mvc.AuthorizeAttribute attribute. You can use it like so:

[Authorize(Roles="AuthorizedRoleOne,AuthorizedRoleTwo")]
public ActionResult Index()

By default it will redirect unauthorized users to a login page. If that isn't what you want have a look at this question (you can inherit from the attribute and change the behavior).

Community
  • 1
  • 1
Casey
  • 3,307
  • 1
  • 26
  • 41