Question

I came to a problem:

I have a project with successful Login mechanics. I used Login Control and then wrote code to check if user and password from Login Control match the one in DB.

On matching pair, this happens:

    if (authenticated)
    {
        FormsAuthentication.RedirectFromLoginPage(LoginControl.UserName, LoginControl.RememberMeSet);
    }

and once logged in I can access/get redirected to Members.aspx in a separate folder, and with

    <authorization>
         <deny users="?"/>
    </authorization>

in web.config I prevent anonymous users from accessing this folder.

But I have to separate the Members folder from the Administration folder.

I have an extra column in the Users table in the DB that tells me if a user is an Admin or not.

How could I give Admin users extra rights or prevent ordinary logged-in users from accessing the Administration folder?

Solution

If I understand you correctly and the code above works, you can deny access to certain pages like this:

    <location path="AdminPage.aspx">
        <system.web>
          <authorization>
            <allow roles="Admins" />
            <deny users="*" />
          </authorization>
        </system.web>
    </location>

The deny users = "*" will deny everyone unless they have access. This is how many do it in theirs. Hope this helps.

Then on login you can check to see if that user is an admin or not. If they are, they can access that page; if they aren't, they can't. I'm using Active Directory currently, but you can use SQL or LINQ to SQL to check to see if they are an admin or not.

EDIT: Here are some links that might help you in the right direction.

Link One this one is "outdated" but it will show you how it was recommended before.

Link Two

Link Three This one shows you how to set up a SqlMembershipProvider.

The third one is the one I would suggest exploring. I use an ActiveDirectoryMembershipProvider with my applications at work. I think this is going to be your best chance.
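
The `<allow roles="Admins" />` rule only takes effect if the request's principal actually carries that role; with a hand-written DB check and no role provider configured, something has to attach it. One way to do that, as an added example that is not part of the original answer (the class name `RoleTicket` and the `isAdmin` flag read from the Users table are assumptions):

```csharp
// Added example, not from the original post. RoleTicket is a hypothetical helper;
// isAdmin is assumed to come from the admin column of the Users table.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class RoleTicket
{
    // Call from the login handler in place of RedirectFromLoginPage.
    public static void SignIn(HttpResponse response, string userName,
                              bool isAdmin, bool persistent)
    {
        // The role list is decided server-side from the DB, never from request input.
        string roles = isAdmin ? "Admins" : "";
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now,
            DateTime.Now.Add(FormsAuthentication.Timeout),   // .NET 4.0+
            persistent, roles, FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket, including UserData, according to the
        // <forms protection="..."> setting, so the client cannot edit the roles.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent) cookie.Expires = ticket.Expiration;
        response.Cookies.Add(cookie);
        response.Redirect(FormsAuthentication.GetRedirectUrl(userName, persistent));
    }

    // Call from Application_AuthenticateRequest in Global.asax:
    //     RoleTicket.AttachRoles(HttpContext.Current);
    public static void AttachRoles(HttpContext context)
    {
        var identity = context.User == null ? null : context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        // Rebuild the principal with the roles carried in the ticket, so that
        // URL authorization can evaluate <allow roles="Admins" /> via IsInRole().
        string[] roles = identity.Ticket.UserData.Split(
            new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(identity, roles);
    }
}
```

The role list is fixed when the ticket is issued, so a user whose admin flag is cleared in the DB keeps the `Admins` role until the ticket expires. Keep the forms timeout short, or re-check the DB in `AttachRoles`, if revocation has to take effect immediately.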

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow