i have few pages in asp.net ,
when a user logs in then i want t give him access to 4 out of 10 pages, mean he can only view 4 pages out of 10, else are for admin + superadmin,

so how could i assign him authority to few pages ? and restrict from other ,

4 Years
Discussion Span
Last Post by HunainHafeez

Ok, this is a big topic. There's quite a bit of information out on the Internet on how to do this. I am going to suggest that you visit these links and read over the information. This is same info that I refer to when I need to integrate authentication in my projects.

Since you are using C#:
How To Implement Forms-Based Authentication in Your ASP.NET Application by Using C#.NET

More information about forms based authentication:
Using Basic Forms Authentication in ASP.NET

Great resource over asp.net security (a must read):

Again, you can code all of this by hand, use session variables, keep roles in a database table, but before you do so, take a look at what asp.net built-in controls and objects can do for you.


great jorgem:

but requirement is to code by hand, lines of code, you know

so i kept 3 roles in db, and 1,2,3 for admin, subadmin, and applicant
and used session variables to store user email after login , but problem is that he/she can view all pages , so how to restrict via code ? like i made db roles+ sessions


in your code behind, check for the session variable. If its empty, send the user to the login page. If not, check to see what role the user logged in as. If its an admin page and the user is not an admin, redirect them to a "unauthorized page", or appropriate page.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.