I am using VS2005 ASP.NET 2.0.
I use the web.config file for my role management for certain privileged web page roles with the following code in my global (not in the "Administrator" folder) web.config file:
<location path="Administrator"> <system.web> <authorization> <allow roles="Administrator"/> <deny roles="User"/> <deny users="?" /> </authorization> </system.web> </location>
A web page can be limited by a role, thus prohibiting users without administrator involvement.
However, when users of any role try to enter a restricted web page, they will be automatically redirected to the login page with a URL, for example
http://localhost:2232/App/Login.aspx?ReturnUrl=%2fSoD%2fAdministrator%2fUserMgmt.aspx
This will require the user to press the back button to return to the previous page.
This causes me problems with error handling, as this should not happen, an error page should be displayed instead.
Can I find out if there is any solution or options that I can declare for the default redirect for each folder / page?
PS
I have my own error tag that announces error pages with each error code attached.
Is there an error code that I can use when a user logs into a role-limited website?
eg.
<customErrors defaultRedirect="~/Error/UnexpectedError.aspx" mode="On"> <error statusCode="404" redirect="~/Error/PageNotFound.aspx"/> </customErrors>
Solution for redirecting LOGGED IN User page to error page:
if (!Page.IsPostBack) { if (Request.IsAuthenticated && !string.IsNullOrEmpty(Request.QueryString["ReturnUrl"])) Response.Redirect("/App/Error/UnauthorizedAccess.aspx"); }
EDIT
How can I redirect the user to the error page if he / she is not logged in and is trying to enter a web page with role restrictions?