You want to assign or make use of predefined roles for the users of your application, and you want to control access to pages as a function of these roles.
The solution involves the following steps:
Implement the solution described in Recipe 8.2, adding to
web.config the required roles for each of the
In the code-behind class for the ASP.NET login page, add the user’s role information to the authentication cookie when the user logs in.
Add code to the
method in the
global.asax code-behind to recover
the user role information and build a user principal object.
Set the user principal object to the
property to provide ASP.NET the data it needs to perform page-by-page
The code we’ve written to illustrate this solution
appears in Example 8-6 through Example 8-10. The
<authorization> elements of
web.config are shown in Example 8-6. The login page code-behind where the
authentication cookie is created is shown in Example 8-7 (VB) and Example 8-8 (C#).
(See Recipe 8.1 for the
.aspx file for a typical login page.) The
Application_AuthenticateRequest method in the
global.asax is shown in Example 8-9 (VB) and Example 8-10 (C#).
The approach we favor for this recipe builds on Recipe 8.2 but quickly takes a tack of its own
based on the addition and use of user roles. The
<authorization> elements ...