Restricting Users from different Web Applications

okay I have a web application that manages the logins for different client web applications, stored inside the root folder. Each client web application has its own login controlled by C# Roles class, where by they are routed to their site.

开发者_高级运维http://msdn.microsoft.com/en-us/library/system.web.security.roles.aspx

Now while logging in and using the site works perfectly, the problem is if a user enters the url for one of the other client sites, it allows them access to it.

Is it possible to restrict this access?

Your roles should be attached to a specific application. This can either be done with separate databases for each application, by adding and filtering based on the associated application within your role manager, or using application specific roles for each application (I'd avoid this, but it should work). If you have the role "user" that is used by multiple applications without any filtering, then the individual application won't know whether it's a user for their app or not, and thus by default allow any "user" to access any application that allows users.