D
Diane Y
I'm using Forms Authentication in my ASP.Net app and I'm separating all my pages into different directories based on their authorization requirements (e.g., all my administrative pages will go under one directory and I have a <location> tag set up in my web.config to allow rights to only the "Admin" role for those pages).
Currently, a user logs in and is redirected to the main Welcome page, which all users can see. If a non-Admin user tries to enter the Admin section of the app, they are redirected to the log in page. They've already logged in, though, so I'd rather have them redirected to a custom "You are not authorized to view this section" page. Is this possible?
Here's my relevant web.config sections:
<authentication mode="Forms">
<forms name="Auth" protection="All" timeout="30" loginUrl="Login.aspx" path="/" />
</authentication>
<authorization>
<allow users = "?" />
</authorization>
..
..
..
<location path="Maintenance">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
Currently, a user logs in and is redirected to the main Welcome page, which all users can see. If a non-Admin user tries to enter the Admin section of the app, they are redirected to the log in page. They've already logged in, though, so I'd rather have them redirected to a custom "You are not authorized to view this section" page. Is this possible?
Here's my relevant web.config sections:
<authentication mode="Forms">
<forms name="Auth" protection="All" timeout="30" loginUrl="Login.aspx" path="/" />
</authentication>
<authorization>
<allow users = "?" />
</authorization>
..
..
..
<location path="Maintenance">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>