A
Alex Dinu
I'm setting up my authorization in web.config to reject
everybody and allow users with a specific role to a folder.
When a user that does not have the role somehow ends up
requesting a page in the restricted folder, I get the
login page, which is what I expect.
When they log in again, it actually redirects the user to
view the page which the user was just rejected from
viewing?
Assuming that it's not a caching issue, my thinking is
that the role is still not given to the user the second
time they log on, so they should be re-directed to the
login page again.
I'm keeping the principal data in a cookie which is
written to the ticket in the logon and in
Application_AuthenticationRequest method in Global.asax to
make sure the cookie timeout is refreshed on all
navigations.
Alex
everybody and allow users with a specific role to a folder.
When a user that does not have the role somehow ends up
requesting a page in the restricted folder, I get the
login page, which is what I expect.
When they log in again, it actually redirects the user to
view the page which the user was just rejected from
viewing?
Assuming that it's not a caching issue, my thinking is
that the role is still not given to the user the second
time they log on, so they should be re-directed to the
login page again.
I'm keeping the principal data in a cookie which is
written to the ticket in the logon and in
Application_AuthenticationRequest method in Global.asax to
make sure the cookie timeout is refreshed on all
navigations.
Alex