Hi Nicolas,
I would look into using Roles with your Forms Authentication. When you
verify your users credentials you also get their roles, if they are in an
Admin role then you can give them access to the backend directory. If they
are only in the Member role then they have no access. You can assign more
than 1 role to a user so you'll never need to do additional checks. In your
web.config file place <location> tags to have ASP.Net manage everything via
Roles for you (the <location> tags go right at the top of the web.config
file as below):
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="Members">
<system.web>
<authorization>
<allow roles="Member, Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Members/Backend">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>
..
..
..
Note that if you don't assign multiple roles to your users then you can
allow multiple roles access in the <location> tags. Good luck! Ken.