Location based Role authentication not working

Question

I am working on a web application with sql membership providers. I have mapped roles for the user in the SQL and the users are assigned to roles correctly. Following code works fine.

        protected void btnLogin_Click(object sender, EventArgs e)
        {
        if (Membership.ValidateUser(txtUserName.Text, txtPassWord.Text))
        {
            if (Roles.IsUserInRole(txtUserName.Text, "admin"))
            Response.Redirect("~/Users/ViewUsers.aspx");
        }
        else
        {
            lblErrorMessage.Visible = true;
        }
    }

But I want to do all the access denial logic in my config. The following code doesnt work. Users with all roles get redirected in spite of their roles.

<location path="Users">
<system.web>
  <authorization>
    <allow roles="admin"/>
    <deny roles="user"/>
  </authorization>
</system.web>

Kindly let me know what I am doing wrong ?

score 0 · Answer 1 · answered Nov 06 '14 at 07:43

0

You need to use <deny users="*"/> instead. See MSDN article with example.

answered Nov 06 '14 at 07:43

Max Brodin

3,903
1
14
23

score 0 · Answer 2 · answered Nov 06 '14 at 07:50

0

have you try this? it will work

 [Authorize(Roles = "Super Admin,Business Admin")]

answered Nov 06 '14 at 07:50

Where should I add this ? – wickjon Nov 06 '14 at 07:52
you can put it before getmethod or before controller class according to your requirement – Nov 06 '14 at 07:58
1

It's `asp.net`, not `asp.net mvc` there is no controllers. – Max Brodin Nov 06 '14 at 08:05

score 0 · Answer 3 · answered Nov 06 '14 at 16:06

0

I had to set the formauthentication cookie to do this and all works fine now

string username = UsernameTB.Text;
FormsAuthentication.SetAuthCookie(username, false);

answered Nov 06 '14 at 16:06

wickjon

900
5
14
40

Location based Role authentication not working

3 Answers3