All geek questions in one place

Role redirected asp.net access control

I am using asp.net access control with one of the asp.net applications to authenticate users. I also have defined roles.

Some of the directories are set up so that only users with the ROLE "MANAGER" can access the pages under these directories. If the user does not have the "MANAGER" role, he will simply be redirected back to the login page.

so my question is, to control the login to the mailbox, is there a way to show the correct login error message? for a user trying to log in but does not have the proper ROLE assigned to them, instead of the general "login failed" error message

thank.

+3
source share
1 answer

What you are experiencing is a long-standing error in asp.net authentication.

ASP.Net treats all failures as authorization failures and infinitely redirects the login when it should recognize UNDER authorization and allow redirection to 403.

There are many kludges and hacks, some of which I have used and / or developed in the past.

I finally got tired and fixed ASP.Net.

http://www.codeproject.com/Articles/39062/Salient-Web-Security-AccessControlModule.aspx

Note. The top of the article is ajax tilted, as it was ultimately a motivation, but not to be distracted by all the talk about headlines. It can be used in its default state with standard asp.net authentication / ownership / roles.

+3
source

Source: https://habr.com/ru/post/1740236/

More articles:


All Articles