How to secure webpages in ASP.Net with roles?

Question

In my application I have different roles and offcourse multiple pages. How do I secure webpages that may not be accessed by certain roles?

Imagine group 1 has acces

Answer 1

This is a big topic but I think what you want to look into is the ASP.NET Membership Provider.

I would start here: Examining ASP.NET 2.0's Membership, Roles, and Profile.

There's one thing messageboard websites, eCommerce websites, social network websites, and portal websites share in common: they all provide user accounts. These websites, and many others, allow (or require) visitors to create an account in order to utilize certain functionality. For example, a messageboard website, like ASPMessageboard.com, allows anonymous and authenticated visitors to view and search the posts in the various forums. However, in order to be able to post a new thread or reply to a message a visitor must have an account and must log into the site.

Answer 2

You have to add in web.config, which Role can get which page.

<location path="yourPage.aspx">
    <system.web>
        <authorization>
            <deny users="?"/>
            <allow roles="Super Admin"/>
                            <deny users="Admin"/>

        </authorization>
    </system.web>
</location>

Answer 3

This might help you.

Authorization module which applies authorization to matching urls: http://code.google.com/p/talifun-web/wiki/RegexUrlAuthorizationModule