I'm using the ASP.NET Login Controls and Forms Authentication for membership/credentials for an ASP.NET web application.
I've got two roles:
- Users
- Administrators
I want pages to be viewable by four different groups:
- Everyone (Default, Help)
- Anonymous (CreateUser, Login, PasswordRecovery)
- Users (ChangePassword, DataEntry)
- Administrators (Report)
Expanding on the example in the ASP.NET HOW DO I Video Series: Membership and Roles, I've put those page files into such folders:
And I used the ASP.NET Web Site Administration Tool to set up access rules for each folder.
It works but seems kludgy to me and it creates issues when Login.aspx is not at the root and with the ReturnUrl parameter of Login.aspx.
Is there a better way to do this? Is there perhaps a simple way I can set permissions at the page level rather than at the folder level?