views:

48

answers:

1

I have a web app using forms authentication and I have restricted a folder so that only those with an administrator role can access it. I am controlling all of this through the web.config file and adding the proper location tags to restrict access.

Currently the application is working fine. If I am logged in as a user and click the link to the administration section, I'm redirected to the login page once again. If I look at the URL, the ReturnUrl parameter is set properly.

What I'd like to do is to display a message to the user indicating insufficient security privileges, or something to that effect so the user doesn't think they are getting logged out of the application prematurely or that the application isn't working.

Does anybody know of a way to do this?

+1  A: 

You can redirect to a page that displays an alert box, and which then (on the client) redirects to the page you want to be at.


I gave no sample code because I don't have time now to get it right. Here's the wrong code:

if (FormsAuthentication.Authenticate(userName, passWord))
{
    Response.Redirect("alertPage.html?ReturnUrl=" + Request.QueryString["ReturnUrl"]);
}

on alertPage.html:

<script language="javascript">
    alert('Some message');
    window.navigator.location = // get the URL and use it
</script>
John Saunders
Any way to toss a little sample code on that answer? I'm pretty sure I follow you on that, but I'm not 100% sure.
Dillie-O
@Dillie-O: I thought it was obvious!
John Saunders
Hmm, maybe I should update the text. The one thing I forgot to mention is that I'm controlling access to the admin section by using the web.config file. Does that alter things at all?
Dillie-O
@Dillie-O: no, that means you need to put this .html file in an /unsecured section of your site, and use the `<location>` tag in web.config to allow anonymous access to /unsecured.
John Saunders
That did the trick. Thanks!
Dillie-O