Home/ Questions/Q 9247695
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T09:47:44+00:00

Is there a way I can restrict access to pages without the built in

  • 0

Is there a way I can restrict access to pages without the built in role based way?

Essentially if the user tries to access admin.aspx then it redirects to login.aspx&redirect_url=admin.aspx

\then, they will postback with their credentials and I will give them a session cookie and so forth.

Is there an example of this?

Thanks

Edit:

I cannot use the way ASP.NET does it because my database has employees with usernames and passwords. ASP creates its own with roles and such

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First, you should set a FormsAuthentication cookie on login. So, in your code, on successful login you can set the cookie with:

    FormsAuthentication.SetAuthCookie(theUsername, true);

    or better yet, you can use this to handle the cookie and the redirect:

    FormsAuthentication.RedirectFromLoginPage(theUsername, true);

    (true if you want to cookie to persist)

    The you can secure the admin folder by putting a web.config file in that folder:

    <?xml version="1.0"?>
<configuration>
    <system.web>
        <authorization>
            <allow users="adminusername1,adminusername2"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</configuration>

    Now when someone hits that admin folder and they aren’t logged in, it will automatically send them to login.aspx?ReturnUrl=admin.aspx

    Another thing to consider would be to implement your own RoleProvider. It’s a lot less daunting that you may think. If you need to put people into roles (like Admin), then this is a good idea.

    • 0