Rolemanager not working properly
My rolemanager in c# is not working as I want it to.
When starting my site, an loggin page is started. And when logged in, redirects you to Default.aspx
var username = (string)Session["username"];
Login1.LoggedIn += (ee, ff) =>
{
Session.Add("username", Login1.UserName);
Response.Redirect("Default.aspx");
}
My masterpage checks if session is null
then go to Login.aspx
if (Session["username"] == null)
{
Response.开发者_开发百科Redirect("Login.aspx");
return;
}`
I have 2 diffrent roles "admin" and "vip".
So if the user is in the role "admin" grant access to the specific aspx site else dont!.
if (User.IsInRole("admin"))
{
Response.Redirect("Test.aspx");
} else if (User.IsInRole("vip")) {
Response.Redirect("Default.aspx");
}`
Still it does not matter who is logged in, it still grants access to Test.aspx
My webconfig file:
<system.web>
<authorization>
<allow roles="admin" />
</authorization>`
Hope someone is understands my "small" problem
try giving deny users also in web.config like :
<system.web>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>`
精彩评论