I am building an ASP.NET 3.5 Web Application and I am NOT using the membership provider for security. In the application I have a role named Admin, and all the files for this role are inside the Security folder in the project. Currently, for all the pages inside the Security folder, I am checking to see if the logged-in user's role is Admin or not. This seems very redundant to me. Can I do something like "If the user is requesting a page inside the Security folder then check his role"? Is this possible?
+2
A:
You can place a separate web.config file in the Security folder that will deny access to every request to that folder if the user isn't in the Admin role.
It would basically look like this:
    <location path="Security">
      <system.web>
        <authorization>
          <allow roles="Admin"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>
womp
2010-01-04 17:46:29
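The two places this rule can live, as an added example that is not part of the original answer. It assumes the folder is `~/Security` and that the application attaches its own roles to the request principal, since no role provider is in use.

```xml
<!-- Added example (not from the original answer). Use ONE of the two options. -->

<!-- Option 1: ~/Security/web.config, a file inside the protected folder.
     No <location> element is used: the rules apply to the folder that holds
     this file and to everything below it. A <location path="Security">
     placed here would resolve to ~/Security/Security instead. -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are evaluated top to bottom and the first match wins,
           so the allow rule must come before the catch-all deny. -->
      <allow roles="Admin"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

<!-- Option 2: ~/web.config at the application root.
     <location> is a child of <configuration>, and its path is relative
     to the folder that contains this file. -->
<configuration>
  <!-- existing root settings stay here -->
  <location path="Security">
    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

<!-- In both options the roles="Admin" rule is checked against
     HttpContext.User.IsInRole("Admin"). Without a role provider, the
     application has to set HttpContext.User to a principal that carries
     its roles (for example a GenericPrincipal) in
     Application_AuthenticateRequest; otherwise every user, including
     real admins, falls through to the deny rule. -->
```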