As a glutton for unproven sexy techniques I've adopted System.Web.Routing in my Web Forms application to manage navigation and such. Further, I'm hoping to move role-based security from web.config to the route definitions itself so I can say "this route is only available to roles x, y".
So I've got the class that implements IRouteHandler and before it attempts to load a particular page it checks to see if the user is in it's set of allowed roles. My question is, if they aren't, how do I redirect to the login page within that handler? I know it's possible to load the login page in that instance, but I'd prefer a clean redirect with the "returnto" page and all.
Thanks!
James
public IHttpHandler GetHttpHandler(RequestContext requestContext) {
if ( AllowedRoles != null )
{
bool allowed = false;
for ( int i = 0; i < AllowedRoles.Length; i++ )
{
if ( requestContext.HttpContext.User.IsInRole( AllowedRoles[i] ) )
{
allowed = true;
break;
}
}
if ( !allowed )
{
???
}
}