Membership implemenation in ASP.NET

I want to do the following

I have some pages on my website that can be viewed only by registered users with certain roles.

I'm using the ASP.NET membership for creating the users and roles.

How to redirect users to login page if they try to access a certain page without logging in.

I tried the asp configuration page. But it allows me to allow/deny permissions only at the folder level. How do I implement the same at page level with minimal effort?

Hello Friends, thank you 开发者_开发问答so much for the quick responses. They were really helpful. Can you also suggest me where to look for explanation on different tags available under this security tag with some examples and explanations. Tried googling.. not much use.

You can use location attribute in config file, like:

<location path="somefile.aspx">
    <system.web>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>

or you can use this code in page_load function:

if (!Page.User.Identity.IsAuthenticated)
{
     FormsAuthentication.RedirectToLoginPage();
     return;
}

Specifying Login Page:

<system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Index.aspx" timeout="2880" />
    </authentication>
</system.web>

You ought to be able to do something like this (obviously change authorization section to your needs):

  <location path="MyPage.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <allow roles="Registered User"/>
        <deny users="*"/>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

Configure your web.config, you can apply allow/deny rules at page level as such:

<?xml version="1.0"?>
<configuration>
  <location path="SecuredPage.aspx">
    <system.web>
      <authorization>
        <allow roles="SuperUsers" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>