开发者

ASP.NET Membership Stop redirecting to Destination URL if user is not in specified role

My system has different users, superadmin, admin, member, anonymous user.

In some 开发者_如何学Cpages, I want only admin users to login. If member logs in, I don't want to redirect them to destination URL.

How can I stop the redirect?


I don't recall the native ASP.NET MembershipProvider allows different redirect locations/behaviors after succssful login. You probably need to implement your own login logic. E.g:

if (Membership.ValidateUser(userName.Text, password.Text))
{
    /* add your own code to check if user is in the role for redirect */

    if (Request.QueryString["ReturnUrl"] != null) 
    {
        //redirect to the return url
        FormsAuthentication.RedirectFromLoginPage(userName.Text, false);
    }

    /* login without redirect */
    FormsAuthentication.SetAuthCookie(userName.Text, false);
}
else
{
    Response.Write("Invalid UserID and Password");
}

The above code referenced from MSDN Forms Authentication in ASP.NET 2.0


You can programatically check if the current user is in a role in the code behind, instead of doing it through your web.config. First, clear any restrictions you have on that role in your web config.

protected void Page_Load( object sender, EventArgs e )
{
    if( !Roles.IsUserInRole("admin") )
    {
        // 1) Either redirect to your custom location
        // Response.Redirect("Some custom place");
        // return;

        // 2) Or just change your output of this page
        // Response.Write("You don't have access to this page. =P");
        // Response.End();
        // return;
    }
}
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜