I'm using ASP.NET custom membership provider, I have created a list of users and their roles in a single XML file.
I'm using three login controls in my app, one located at Admin/login.aspx page, and single web.config file is located at the root.
The page \Admin\Admin.aspx allow only user with Admin role access.
here is a part of my web.config
Expand|Select|Wrap|Line Numbers
- <location path="Admin/Admin.aspx">
- <system.web>
- <authorization>
- <allow roles="Admin" />
- <deny users="*" />
- </authorization>
- </system.web>
- </location>
why the access denied message is not shown when the users tries to access the page in different role?
in other meaning how can I display error msg to a user if he isn't authorize to see the page.
I tried to use this code, but it doesn't work
Expand|Select|Wrap|Line Numbers
- <customErrors defaultRedirect="ErrorPage.aspx" mode="On">
- <error statusCode="400" redirect="AccessDenied.aspx" />
- </customErrors>