As a glutton for unproven sexy techniques I’ve adopted System.Web.Routing in my Web Forms application to manage navigation and such. Further, I’m hoping to move role-based security from web.config to the route definitions itself so I can say ‘this route is only available to roles x, y’.

So I’ve got the class that implements IRouteHandler and before it attempts to load a particular page it checks to see if the user is in it’s set of allowed roles. My question is, if they aren’t, how do I redirect to the login page within that handler? I know it’s possible to load the login page in that instance, but I’d prefer a clean redirect with the ‘returnto’ page and all.

public IHttpHandler GetHttpHandler(RequestContext requestContext) {  if ( AllowedRoles != null ) {     bool allowed = false;      for ( int i = 0; i < AllowedRoles.Length; i++ )     {         if ( requestContext.HttpContext.User.IsInRole( AllowedRoles[i] ) )         {             allowed = true;             break;         }     }      if ( !allowed )     {         ???     } }