I used to write websites in classic ASP which authenticated a user and
retrieved a comma separated list of "keys" via a COALESCE query from a
SQL Server database which determined which areas of the site they
could access.
The list was stored in a session variable and could be something like
"news,stocks,charts,reports".
Then for instance, at the top of the "Stocks.asp" page, there would be
a line of code which did a simple string search on the session
variable to see if the "stocks" "key" or word was present and either
let the user view the page or redirect them somewhere else such as a
login page.
Could anyone please explain how I could implement this in C# ?
I have just mastered Forms-Based Authentication using the Web.Config
file to denote which pages are effectively private and public which is
working fine but this is not specific to each user.
<location path="default1.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
I basically need to authenticate users and only allow them access to a
page if they possess the necessary key which has been associated with
their user record in the SQL Server database.
Would this need to be a modification of Forms-Based Authentication or
something completely different ?
I would be extremely grateful for any advice or a URL of an article
which explains how to do this.
Regards
John Smith
Similar Threads
