Tuesday, May 20, 2008

Displaying Access Denied for Authenticated User

Learned a new trick:

  • User is authenticated, but not authorised to perform a certain function
  • Can protect the page that performs that function in web.config (snippet 1)
  • However, by default, when an unauthorised user attempts to get to that page, they are shown the "Yellow Screen of Death"
  • Can alter this default behaviour in Login.aspx.vb by putting this in Page_Load (snippet 2)

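    <!-- Snippet 1: web.config. Only the Administrator role may reach anything under Admin. -->
    <location path="Admin">
      <system.web>
        <authorization>
          <allow roles="Administrator"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>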

    ' Snippet 2: Login.aspx.vb, inside Page_Load
    If User.Identity.IsAuthenticated Then
        'You were redirected here because you're not authorised
        Session("sMessage") = "You are not authorised to perform that operation."
    End If
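
A fuller version of the Page_Load check, as an added example that is not code from the original post. It assumes forms authentication appended a ReturnUrl query parameter when it sent the request to the login page, and ~/Default.aspx is a hypothetical landing page that displays Session("sMessage").

```vb
Imports System
Imports System.Web.UI

Partial Class Login
    Inherits Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        ' Only act on the initial GET, not on the login form's own postback.
        If IsPostBack Then Return

        ' Forms authentication adds ReturnUrl when it bounces a request here.
        ' An authenticated user who opens the login page directly has none,
        ' so they are not shown the "not authorised" message by mistake.
        Dim returnUrl As String = Request.QueryString("ReturnUrl")

        If User.Identity.IsAuthenticated AndAlso Not String.IsNullOrEmpty(returnUrl) Then
            ' Already logged in, so asking for credentials again would not help:
            ' the authorization rules denied this user's role.
            Session("sMessage") = "You are not authorised to perform that operation."

            ' Send the user to a fixed page inside the application. The
            ' ReturnUrl value is deliberately not used as the redirect target
            ' and is not echoed into the message, since it is user-controlled.
            ' ~/Default.aspx is a hypothetical page name (assumption).
            Response.Redirect("~/Default.aspx", False)
            Context.ApplicationInstance.CompleteRequest()
        End If
    End Sub
End Class
```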

