If you do not wish to use the Membership API, you can do this via
Configuration as it was done in ASP.NET 1.x.
You need to implement the ASP.NET Forms Authentication in combination
with URL Authorization and configure separate Authorization settings
for each differing location in the application.
A sample web.config section would look like :
---
<configuration>
<system.web>
...
</system.web>
<location path="AdminPage.aspx">
<system.web>
<authentication mode="Forms" loginUrl="AdminLogin.aspx" />
<authorization>
<allow roles="Administrators"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="UserPage.aspx">
<system.web>
<authentication mode="Forms" loginUrl="UserLogin.aspx" />
<authorization>
<allow roles="Users"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
---
Take a look at the following resources or search for the terms I have
used -
http://support.microsoft.com/kb/301240
http://support.microsoft.com/kb/311495
http://www.codeproject.com/KB/web-security/rolesbasedauthentication.aspx
http://www.4guysfromrolla.com/articles/082703-1.aspx
On Jun 11, 8:12 am, Neelu Bawa <[email protected]> wrote:
> Actually I have one login page where when I validate the user it let me show
> Default page. In that page I have some pages listed.I want to give access of
> different pages to different users based on their roles. I am not using
> membership and roles provider by going into ASP.Net configuration tab and
> creating roles and users over there. I have two tables users and roles
> already in my sql server database.
>
> Once after validating the users and getting Default page how can I make sure
> that e'g if the user is admin he has access to just administration page
> wwwand
> sales person has access to only sales.aspx page etc
>
> --
