Learned a new trick:
- User is authenticated, but not authorised to perform a certain function
- Can protect the page that performs that function in web.config (snippet 1)
- However, by default, when unauthorised user attempts to get to that page, they are shown the "Yellow Screen of Death"
- Can alter this default behaviour in Login.aspx.vb, put this in Page_Load. (snippet 2)
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location >
If User.Identity.IsAuthenticated Then
'You were redirected here becasue you're not authorised
Session("sMessage") = "You are not authorised to perform that operation."
Response.Redirect("Errors/AccessDenied.aspx")
End If
No comments:
Post a Comment