[ACCEPTED]-Determine if user can access the requested page?-security-roles
UrlAuthorizationModule.CheckUrlAccessForPrincipal() is what you need to use to test user access to a location (page or folder) (http://msdn.microsoft.com/en-us/library/system.web.security.urlauthorizationmodule.checkurlaccessforprincipal.aspx)
I ended up doing this in the page_load event of the login page:
    if (User.Identity.IsAuthenticated)
    {
        LoginErrorDetails.Text = "You are not authorized to view the requested page";
    }
The thinking being, if an authenticated user ends up at the login page, they have either been sent there as a result of trying to access a page they are not authorized to view, or they have authenticated and then manually gone to the log in page (unlikely).
A further action would be to send the user to the relevant home page whenever they visit the login page, if they are already authenticated.
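
An added example (not part of the original answers) that combines the two answers above: the login page passes the path from the ReturnUrl query-string parameter to UrlAuthorizationModule.CheckUrlAccessForPrincipal(), so the "not authorized" message appears only when the signed-in user really is denied that path. The Login class name and the use of FormsAuthentication.DefaultUrl as the home page are assumptions; LoginErrorDetails is the label from the answer above.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Added example: code-behind for a hypothetical Login.aspx (class name assumed).
public partial class Login : Page
{
    // Normally declared by the designer file; shown here so the class is complete.
    protected Label LoginErrorDetails;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack || !User.Identity.IsAuthenticated)
            return; // anonymous visitor: show the normal login form

        // Forms authentication appends the originally requested path as ReturnUrl.
        string target = Request.QueryString["ReturnUrl"];
        if (string.IsNullOrEmpty(target))
        {
            // Already signed in and arrived here directly: go to the default page.
            Response.Redirect(FormsAuthentication.DefaultUrl);
            return;
        }

        if (!IsAllowed(target))
            LoginErrorDetails.Text = "You are not authorized to view the requested page";
    }

    // True when the <authorization> rules in web.config let the current user GET the path.
    private bool IsAllowed(string returnUrl)
    {
        // ReturnUrl is client-controlled: drop the query string and accept
        // only rooted virtual paths that resolve inside this application.
        int q = returnUrl.IndexOf('?');
        string path = q >= 0 ? returnUrl.Substring(0, q) : returnUrl;
        try
        {
            return VirtualPathUtility.IsAbsolute(path)
                && UrlAuthorizationModule.CheckUrlAccessForPrincipal(path, User, "GET");
        }
        catch (ArgumentException) { return false; } // path outside the application root
        catch (HttpException) { return false; }     // malformed virtual path
    }
}
```
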
If you have different directories and you are using ASP.NET authentication it is very easy. All you need is to put a web.config file in each directory and define roles which can access files in that directory like this:
    <authorization>
        <!-- Rules are evaluated top-down and the first match wins:
             allow the role, then deny everyone else. -->
        <allow roles="shoppers"/>
        <deny users="*"/>
    </authorization>
You can get more details from this article on MSDN
You can set it all in the main web.config like this:
    <configuration>
        <!-- Configuration for the "sub1" subdirectory. -->
        <location path="sub1">
            <system.web>
                <httpHandlers>
                    <add verb="*" path="sub1" type="Type1"/>
                    <add verb="*" path="sub1" type="Type2"/>
                </httpHandlers>
            </system.web>
        </location>
        <!-- Configuration for the "sub1/sub2" subdirectory. -->
        <location path="sub1/sub2">
            <system.web>
                <httpHandlers>
                    <add verb="*" path="sub1/sub2" type="Type3"/>
                    <add verb="*" path="sub1/sub2" type="Type4"/>
                </httpHandlers>
            </system.web>
        </location>
    </configuration>
This is from this article on MSDN :)
EDIT:
In your page load method do this:
    if (!User.IsInRole("shopper"))
    {
        lblNoAccess.Visible = true;
        // A HyperLink control exposes its target as NavigateUrl
        lnkHome.NavigateUrl = "PATH_TO_HOME_PAGE_OF_THIS_ROLE";
    }
Hope this helps you!
One approach would be to override OnLoad of your aspx forms and check if the authenticated user is allowed access to the resource based on the role. So you create a BasePage.cs (in which you define a class BasePage which inherits from System.Web.UI.Page) for example from which all your Forms (aspx) inherit, in which you do this:
    protected override void OnLoad(EventArgs e)
    {
        InitializeSitemap();
        if (SiteMap.CurrentNode != null)
        {
            if (!UrlHelper.IsAnonymousAllowed(SiteMap.CurrentNode)
                && (!HttpContext.Current.User.Identity.IsAuthenticated
                    || !UrlHelper.IsAccesible(SiteMap.CurrentNode)))
            {
                // You can redirect here to some form that has a custom message
                Response.Redirect("~/Forms/Logout.aspx");
                return;
            }
        }
        base.OnLoad(e);
    }
Then in your UrlHelper class you need that IsAccesible function used above:
    public static bool IsAccesible(SiteMapNode node)
    {
        bool toRole = false;
        foreach (string role in node.Roles)
        {
            if (role == "*" || HttpContext.Current.User.IsInRole(role))
            {
                toRole = true;
            }
        }
        return toRole;
    }
Here is IsAnonymousAllowed in case you wondered:
    public static bool IsAnonymousAllowed(SiteMapNode node)
    {
        return node[AllowAnonymousAttribute] != null ? bool.Parse(node[AllowAnonymousAttribute]) : false;
    }
You can redirect him to the index page, telling him that he cannot access that page ;)
Well, why don't you catch the directory in the login page? If the login page can determine which directory the user is trying to access, maybe they can get redirected to the right page based on role. If someone tries to go to /admin, and authentication succeeds, you can check if they do have access there. If not, you can either redirect to a basic landing page indicating they do not have access or you redirect them to the role's landing page.
EDIT: You could probably do the redirecting in the LoggedIn event of the control.
One other option is to set a session variable when you're checking rights, and display that on the login page.
So you could do:
    if (!User.IsInRole("shopper"))
    {
        Session["denied"] = "You don't have access to shop";
        Response.Redirect("/login");
    }
Then in the login page:
    // Session values are objects and may be null, so test for null or empty
    string denied = Session["denied"] as string;
    if (!string.IsNullOrEmpty(denied))
    {
        message.Text = denied;
        Session["denied"] = "";
    }