URL authorization rules can specify roles instead of users.
This tutorial starts with a look at how the Roles framework associates a user's roles with his security context. NET pipeline it is associated with a security context, which includes information identifying the requestor.
A more maintainable approach is to use role-based authorization.
The good news is that the tools at our disposal for applying authorization rules work equally well with roles as they do for user accounts.
Figure 5: Tito Can Visit the Note When specifying URL authorization rules – for roles or users – it is important to keep in mind that the rules are analyzed one at a time, from the top down.
As soon as a match is found, the user is granted or denied access, depending on if the match was found in an URL authorization makes it easy to specify coarse authorization rules that state what identities are permitted and which ones are denied from viewing a particular page (or all pages in a folder and its subfolders).
Figure 4: Only Users in the Administrators Role Can View the Protected Pages (Click to view full-size image) Log off and then log in as a user that is in the Administrators role.
Now you should be able to view the three protected pages.It then examines how to apply role-based URL authorization rules. When using forms authentication, an authentication ticket is used as an identity token.Following that, we will look at using declarative and programmatic means for altering the data displayed and the functionality offered by an ASP. As we discussed in the method will be called on every request to a page that is protected by the role-based URL authorization rules.Free counters Added on January 19,2012 Follow Me @vmsdurano A bit About Me Disclaimer The opinions expressed herein are my own personal opinions and does not represent the opinions of my employers.Nor does it represent the opinion of my dog, because I don’t have one.If the user's browser does not support cookies, or if their cookies are deleted or lost, somehow, it's no big deal – the Note Microsoft's Patterns & Practices group discourages using persistent role cache cookies.