I am working on a membership web application,
The logic is like this:
1. All logged-in users can visit Folder1, Folder2, Folder3, but
only administrators can access the Admin folder. Desirably, the link
to Admin pages won't even be visible to regular logged-in users.
2. For pages in Folder1, Folder2, Folder3, some pre-defined actions
(such as edit/delete) can only be done by an administrator.
I was trying to achieve logic 1 without considering 2 by creating a
web.config file underneath Admin folder, and in this web.config, I say
<system.web>
<authorization>
<allow users="admin" />
<deny users="johndoe" />
<deny users="smithdoe" />
</authorization>
</system.web>
The problem is when Johndoe tries to access the admin page, he is
kicked out right to the Login page of the application. How do I kick
him back to where he came from? Also, it's gonna be a problem if I
have to explicitly specify the allowed and denied users.
I think it is more troublesome to implement Logic 2.
I have never done anything using the asp.net membership, role, profile
framework. Will it greatly ease the implementation of the business
logic? I would like to know from the experienced before I delve into
the membership, role, profile systems. We have our own user table in
our database, which does not match the table structure of the
SqlMembership provider's user table.
Thank you very much.
