ASP.NET Membership Stop redirecting to Destination URL if user is not in specified role

Question

My system has different users, superadmin, admin, member, anonymous user.

In some pages, I want only admin users to login. If member logs in, I don't want to redirect them to destination URL.

How can I stop the redirect?

Answer 1

I don't recall the native ASP.NET MembershipProvider allows different redirect locations/behaviors after succssful login. You probably need to implement your own login logic. E.g:

if (Membership.ValidateUser(userName.Text, password.Text))
{
    /* add your own code to check if user is in the role for redirect */

    if (Request.QueryString["ReturnUrl"] != null) 
    {
        //redirect to the return url
        FormsAuthentication.RedirectFromLoginPage(userName.Text, false);
    }

    /* login without redirect */
    FormsAuthentication.SetAuthCookie(userName.Text, false);
}
else
{
    Response.Write("Invalid UserID and Password");
}

The above code referenced from MSDN Forms Authentication in ASP.NET 2.0

Answer 2

You can programatically check if the current user is in a role in the code behind, instead of doing it through your web.config. First, clear any restrictions you have on that role in your web config.

protected void Page_Load( object sender, EventArgs e )
{
    if( !Roles.IsUserInRole("admin") )
    {
        // 1) Either redirect to your custom location
        // Response.Redirect("Some custom place");
        // return;

        // 2) Or just change your output of this page
        // Response.Write("You don't have access to this page. =P");
        // Response.End();
        // return;
    }
}