How to redirect

[Q. John Chen]

All,

I am using Form Authentication with Roles.
E.G. PageA.aspx is permitted for Role "Admin",
and PageB.aspx is permitted for Role "Basic".

When a user of "Basic" role try to access an "Admin" page directly,
Login From shown and he enters his username and password.
He is then AUTHENTICATED but stays on the Login form because
he is not permitted to view the "Admin" pages.

My question is: Is there a way to redirect the user to a "Not-permitted-page" ?

Thanks

John

 

[Ken Cox [Microsoft MVP]]

Hi John,

Can you add a section to the web.config to exempt the notpermitted.aspx page
from the authentication?

<location path="notpermitted.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

http://www.microsoft.com/resources/...6/all/proddocs/en-us/aaconlocationelement.asp

 

[Q. John Chen]

Ken,

I don't think that I made my question clear. Here is details:

First, I have a login form. If a user failed to login. It will show
the error right in the login form and ask for re-enter the
identification:
<authentication mode="Forms">
<forms loginUrl="login.aspx" />
</authentication>

I have two page accessable to user in the roles, Admin and Basic in
this example:
<location path="PageA.aspx" >
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>

<location path="PageB.aspx" >
<system.web>
<authorization>
<allow roles="Basic, Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>

Now, UserB (with 'Basic' role) logins first. Then he types PageA.aspx
in address bar trying to access PageA. He is redirect to the Login
page automatically. But what I wantd is to SHOW a kind of 401 error
page rather than go the the login page.

Thanks

John

 

[Q. John Chen]

I did it this way:

Change the Web.config only limit the anomymous user and allow all
users.
And in individual page, check the role the user is in and redirect to
the proper page.

-- John