I have implemented Forms Authentication:
<location path="Admin">
  <system.web>
    <authorization>
      <deny users="?"/>
      <allow roles="Admin" />
      <deny roles="systemAdmin"/>
    </authorization>
  </system.web>
</location>
With the above-mentioned rights, Admin can access the Admin folder and systemAdmin can’t.
I have made a custom AccessDenied page where I show the user a message that he does not have permission to access this page.
Now the issue is: if systemAdmin tries to hit an Admin folder page, he will be redirected to the AccessDenied.aspx page. (Please note: both users are authenticated; one user has permission to some folder and the other user has permission to another folder. I don’t want to put a check in each page.)
Where do I specify the AccessDenied page redirection?
Thanks
Sadly, the default access mechanisms don’t differentiate between a 401 Unauthorized and a 403 Forbidden.
If you don’t want to implement Saar’s solution of using a common base page – and have all your admin pages inherit from the base page class, an alternative option would be to write the logic in your login page – check to see if the user is already logged in (Request.IsAuthenticated) and display a message stating that they don’t have permission to view the pages. You should probably also change the Response.StatusCode to 403 and the Response.StatusMessage to "Forbidden".
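
The login-page check this answer describes, as an added C# example that is not part of the original posts. It assumes a code-behind class named Login for the forms-authentication login page and an AccessDenied.aspx at the site root; it sets the reason phrase through HttpResponse.StatusDescription and uses Server.Transfer so the 403 is not replaced by a 302 redirect.

```csharp
// Login.aspx.cs (added example; the class name and page paths are assumptions)
using System;
using System.Web.UI;

public partial class Login : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Forms authentication sends every request refused by an
        // <authorization> rule to the login page with ?ReturnUrl=...
        // A user who is already authenticated and arrives that way was
        // denied by a role rule, so asking for credentials again is wrong.
        bool bouncedHere = !string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]);

        if (Request.IsAuthenticated && bouncedHere)
        {
            // Report the real outcome to the client and to the logs.
            Response.StatusCode = 403;
            Response.StatusDescription = "Forbidden";

            // Keep IIS from swapping the body for its own 403 error page.
            Response.TrySkipIisCustomErrors = true;

            // Render the custom page inside this same request. A
            // Response.Redirect would answer 302 and the denial would end
            // up logged as a 200 on AccessDenied.aspx. The ReturnUrl value
            // is only tested for presence and never used as a destination.
            Server.Transfer("~/AccessDenied.aspx");
        }
    }
}
```

Because the denial is returned as a 403 on the originally requested URL flow, repeated attempts by an authenticated account against a folder it has no role for show up as 403 entries in the IIS log rather than as ordinary login-page hits.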