securing pages in a folder with user roles?

I am managing different roles pages in different folders in my application rote. Admin folder has all开发者_StackOverflow中文版 pages of admin. User has all pages of loged in user.

Please advice what way I should adopt to check that user is valid and have correct permissions ?

I was thinking I should user sessioon variables, as a user logs in I keep its Id and user type in session. Can there be some more elegent and less coding required way ?

The page where user signs in is a detail page with almost 25 fields and it has ajax validations, and othe client and server side validations.

I dont know much about membership providers by asp.net and never used these , Kindly if you advice something reffer me some link or keyword to look further.

Thanks

You can manage such configuration easily in the web.config. Simply add in a configuration section of web.config.

<location path="Admin">
  <system.web>
    <authorization>
        <deny users="?"/>               
        <allow roles="Administrator"/>
    </authorization>
  </system.web>
</location>

<deny users="?"/> mean's unauthenticated user will not be able to access the Admin Folder

An example with another Folder, you want to allow, that has Manager Role:

<location path="ManagerFolder">
  <system.web>
    <authorization>
        <deny users="?"/>               
        <allow roles="Manager"/>
    </authorization>
  </system.web>
</location>

Here are some links

Implementing Role-Based Security with ASP.NET

Implementing Role-Based Security with ASP.NET, Part 2

Role-based Security with Forms Authentication

Hope these will help you get started