Hi Folks,
This is about security and membership and how I am maintaining this:
1. Have a LoginPage at the root of the website with the following code:
and then use this code behind to Authenticate and Authorize:
    if (User.Identity.IsAuthenticated)
    {
        HyperLink hl = (HyperLink)form1.FindControl("LoginView1").FindControl("HyperLink1");
        if (HttpContext.Current.User.IsInRole("admin"))
        {
            hl.NavigateUrl = "~/admin";
            hl.Text = "Go to Finultima admin panel";
            Response.Redirect("~/admin");
        }
        else if (HttpContext.Current.User.IsInRole("customer"))
        {
            hl.NavigateUrl = "~/customer";
            hl.Text = "Go to Customer Panel";
            Response.Redirect("~/customer");
        }
    }
Inside the admin folder, in default.aspx, I place a LoginView with the templates below:
Anonymous: I place the Login control here.
LoggedIn: A message: "You are not authorized to view this page; please log out and log in with the correct credentials."
Role as Admin: This is where all my HTML code actually goes.
Apart from this: I also maintain directory access privileges like this in web.config:
    <location path="admin">
      <system.web>
        <authorization>
          <allow roles="admin" />
          <deny users="*" />
        </authorization>
      </system.web>
    </location>
I use the MySql .NET Connector for Security, Roles and Membership.
But sometimes my clients experience a redirect loop, and sometimes the page is automatically signed out, and maybe there are more challenges in the code.
I just wanted to know whether the approach shown above is best practice, or whether this code can be fine-tuned further. I just want the page to load very fast, with no redirects or other issues. And how do big applications structure their code differently from this?
Expert comments are welcome.
Regards
Jay
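One way to structure the post-login redirect so that it cannot loop and cannot be steered off-site through the ReturnUrl query string. This is an added example, not the poster's code: it assumes Forms Authentication with a RoleProvider configured, the same role names ("admin", "customer") and folders (~/admin, ~/customer) as the post, and the helper names (ResolveLandingArea, IsSafeLocalUrl) are hypothetical.

```csharp
// Added example (not the poster's code): role-based post-login redirect for an
// ASP.NET Web Forms login page. Assumes Forms Authentication + a RoleProvider, and
// the role names and folders used in the post. Helper names are hypothetical.
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

public partial class LoginPage : Page
{
    // Each role maps to one landing area; the first matching role wins.
    private static readonly Tuple<string, string>[] RoleAreas =
    {
        Tuple.Create("admin", "~/admin/"),
        Tuple.Create("customer", "~/customer/"),
    };

    protected void Page_Load(object sender, EventArgs e)
    {
        // Redirect only on a fresh GET by an already authenticated user; a postback is
        // the Login control doing its own work and must not be interrupted.
        if (IsPostBack || !User.Identity.IsAuthenticated)
            return;

        string target = ResolveLandingArea();
        if (target == null)
        {
            // Authenticated but in no known role: let the LoginView "LoggedIn" template
            // explain the situation and stop. Redirecting here is what produces a loop,
            // because the target folder denies the user and sends them straight back.
            return;
        }

        // Honour ReturnUrl only when it is a path on this site AND the user is actually
        // allowed to reach it under the <authorization> rules; otherwise use the role's area.
        string returnUrl = Request.QueryString["ReturnUrl"];
        if (IsSafeLocalUrl(returnUrl))
        {
            string pathOnly = returnUrl.Split('?')[0];
            if (UrlAuthorizationModule.CheckUrlAccessForPrincipal(pathOnly, User, "GET"))
                target = returnUrl;
        }

        // Never redirect to the page that is currently executing.
        string resolved = ResolveUrl(target.Split('?')[0]).TrimEnd('/');
        if (string.Equals(resolved, Request.Path.TrimEnd('/'), StringComparison.OrdinalIgnoreCase))
            return;

        // endResponse:false avoids the ThreadAbortException that Response.Redirect(url) throws;
        // CompleteRequest() still ends the pipeline without running the rest of the page.
        Response.Redirect(target, false);
        Context.ApplicationInstance.CompleteRequest();
    }

    // Returns the landing area for the first role the current user holds, or null.
    private string ResolveLandingArea()
    {
        foreach (var roleArea in RoleAreas)
            if (User.IsInRole(roleArea.Item1))
                return roleArea.Item2;
        return null;
    }

    // A ReturnUrl is safe only when it is a site-local path: an app-relative "~/" path, or an
    // absolute path starting with a single "/" (not "//" or "/\", which browsers treat as
    // protocol-relative and would send the user to another host).
    internal static bool IsSafeLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url))
            return false;
        if (url.StartsWith("~/", StringComparison.Ordinal))
            return true;
        return url.Length > 1 && url[0] == '/' && url[1] != '/' && url[1] != '\\';
    }
}
```

The code-behind above only chooses where to send a user; it grants nothing. Access to ~/admin and ~/customer is still enforced by the `<location>` / `<authorization>` rules in web.config, so a user who guesses a URL is denied even if the redirect logic is bypassed. Unexpected sign-outs after an application-pool recycle usually mean the forms-authentication ticket is protected with an auto-generated `machineKey`; setting it explicitly in web.config (identically on every server of a farm) lets existing tickets survive the recycle.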