Thanks.
I hope there is a way to tell user in login page that why he/she be
redirected to login page, because his role or he is anonymous.
if it's due to role security setting, the user will be redirected to login
page again and again without any information because he has a
valid account
"rote" <na********@hotmail.comwrote in message
news:OA****************@TK2MSFTNGP02.phx.gbl...
RedHair
I think the setting you provided is doing the right thing as only people
with the Admin roles can get to the page.
If you are using Forms auth then u can changed the property loginurl to
suit your need (to a different page)
You stated:
.. a logoned user whose role is not "Admin" tries access the
testAdmin.aspx page, the system
still redirect him/her to login page
But thats what its suppose to do.
If you want more control you can switch to Windows Auth and do the
authorization in your code.
Then in code use User,IsInRoles("Admin")
Look at this samples by Scott:
http://weblogs.asp.net/scottgu/pages...QL-Server.aspx
Hope that helps
Patrick
"RedHair" <re*****@u.s.awrote in message
news:OP**************@TK2MSFTNGP02.phx.gbl...
>I use the Form Authentication and Role base security to secure one ASP.NET
3.5 appication.
Below are security settings in web.config
<location path="testAdmin.aspx">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
If a anonymous user tries to access testAdmin.aspx then he/she will be
redirected to login page
based on the loginUrl setting of <authenticationelement
but if a logoned user whose role is not "Admin" tries access the
testAdmin.aspx page, the system
still redirect him/her to login page, in this case, is it possible to
redirect user to another page other
than login page? via configuration.
Or I need to add Context.User,IsInRoles("Admin") to each page?
Thanks.