ASP.NET Membership Stop redirecting to Destination URL if user is not in specified role
My system has different users, superadmin, admin, member, anonymous user.
In some 开发者_如何学Cpages, I want only admin users to login. If member logs in, I don't want to redirect them to destination URL.
How can I stop the redirect?
I don't recall the native ASP.NET MembershipProvider allows different redirect locations/behaviors after succssful login. You probably need to implement your own login logic. E.g:
if (Membership.ValidateUser(userName.Text, password.Text))
{
/* add your own code to check if user is in the role for redirect */
if (Request.QueryString["ReturnUrl"] != null)
{
//redirect to the return url
FormsAuthentication.RedirectFromLoginPage(userName.Text, false);
}
/* login without redirect */
FormsAuthentication.SetAuthCookie(userName.Text, false);
}
else
{
Response.Write("Invalid UserID and Password");
}
The above code referenced from MSDN Forms Authentication in ASP.NET 2.0
You can programatically check if the current user is in a role in the code behind, instead of doing it through your web.config. First, clear any restrictions you have on that role in your web config.
protected void Page_Load( object sender, EventArgs e )
{
if( !Roles.IsUserInRole("admin") )
{
// 1) Either redirect to your custom location
// Response.Redirect("Some custom place");
// return;
// 2) Or just change your output of this page
// Response.Write("You don't have access to this page. =P");
// Response.End();
// return;
}
}
精彩评论