Using the standard ASP.NET login control, I’m trying to get it to deny me login if the user who is trying to log in is a member of the cancelled group.
<asp:Login ID="Login1" runat="server" OnLoggedIn="Login1_LoggedIn" DestinationPageUrl="~/Default.aspx" FailureText="Whoops - something went wrong with your login. <br />Please try again. <br />If you've forgotton you password please click link below and we'll send you a new one" >
<LayoutTemplate>
<table cellpadding="1" cellspacing="0" style="border-collapse:collapse;">
<tr>
and code behind (Pseudo code.. doesn’t work)
protected void Login1_LoggedIn(object sender, EventArgs e)
{
    var profile = WebProfile.GetProfile(UserManager.GetCurrentUserName());
    if (User.IsInRole("cancelled"))
    {
        FormsAuthentication.SignOut();
        // write out a message saying you are not allowed to login
    }
}
Actually, you don’t have to do it in the code. You can use the web.config’s Authorization section to block access rather than disallow a login. It’s perfectly legitimate to have a user logged in but with no rights.
If you think about it, it makes sense. We have a site that has an admin folder locked down by putting a web.config to restrict by setting
so someone logged in as another user level would be locked out. Using my suggestion, you’re specifically locking out users in the “canceled” role in the config file, which is usually preferable to code that needs to be compiled.
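A sketch of the authorization rules the answer describes, added here as an illustration and not taken from the answer itself. It assumes forms authentication with the ASP.NET role manager supplying roles, and uses the role name "cancelled" from the question's code:

```xml
<!-- Added example: site-root web.config fragment (assumed layout). -->
<configuration>
  <system.web>
    <!-- Roles must be populated for role-based rules to match. -->
    <roleManager enabled="true" />
    <authorization>
      <!-- Rules are evaluated top-down and the first match wins,
           so the deny for the cancelled role must come before any allow. -->
      <deny roles="cancelled" />
      <!-- "?" is the anonymous user: require a login for everything else. -->
      <deny users="?" />
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>
```

With forms authentication, a signed-in user who hits a deny rule is redirected back to the login page, so a cancelled user sees the login form again rather than an explanation unless the page adds one.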