Introduction
When using Forms Authentication with Role Based Authorization, we can restrict users based on their role for different directories/pages.
However, if an user who doesn't have authorization to view a page, tries to view the same, he will be directed to the Login page with a ReturnUrl parameter, despite the user already being logged in.
That doesnt give any idea to the user as to why he is getting directed to the same login page while he has already logged in and doesnt give him the message that he is not an authorized person to view that page.
However, we would like to take them to a Custom "You are not authorized to view this section" page.
This can be achieved by a little tweaking of code in the login page.
In the Page_Load event of the Login page, you can check if the User is Authenticated and if the querystring for ReturnURL is not null. Then we can get an idea that the user has tried to view an unauthorized section and has been directed to login page.
So if both the above conditions are true, you can safely response.redirect them to your custom "Not authorized" page.
The code for the same is as follows:-
if(User.Identity.IsAuthenticated && Request.QueryString["ReturnUrl"] != null)
{
Response.Redirect("NotAuthorized.aspx");
}
Summary
The above is not the only solution and this can be handled using custom HTTP handler events. However, I found this to be a simpler, quicker solution with much less coding effort.
|
No responses found. Be the first to respond and make money from revenue sharing program.
|