Okay, so I have implemented forms authentication and authenticated users get redirected to pages depending on their "facility" assignment.
But this will not work for "clever" users who might know to just type the page name into the URL to access other pages (after authentication).
What approach should I use to implement this type of security, whereby each page can validate that the user has the right to view it?
I have a basepageexpired class, which inherits webforms and is inherited by every page.
I was thinking that in the base page I could:
- check which page I'm on
- query the database to check if the current user has rights to the current page
I'd have to set up a table that would be a lookup for the "facility" and have page names in the column.
Does that sound about right?
Appreciate your opinions,
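
A sketch of the base-page check described in the post, added here as an example and not code from the original poster. The class name `FacilityAuthorizedPage`, the connection string name `AppDb`, and the `UserFacility` / `FacilityPage` tables are assumptions made for illustration.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base page: every protected page inherits from it.
public class FacilityAuthorizedPage : Page
{
    protected override void OnPreInit(EventArgs e)
    {
        base.OnPreInit(e);

        if (!User.Identity.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage();
            Response.End();
            return;
        }

        // App-relative path of the requested page, e.g. "~/Reports/Summary.aspx".
        string page = Request.AppRelativeCurrentExecutionFilePath;

        // Deny by default: a page with no matching lookup row is refused.
        if (!UserMayView(User.Identity.Name, page))
            throw new HttpException(403, "Forbidden");
    }

    // Assumed schema (not from the post):
    //   UserFacility(UserName, Facility), FacilityPage(Facility, PagePath)
    // Path matching follows the database collation (case-insensitive by default on SQL Server).
    private static bool UserMayView(string userName, string pagePath)
    {
        const string sql =
            @"SELECT COUNT(*) FROM UserFacility uf
              JOIN FacilityPage fp ON fp.Facility = uf.Facility
              WHERE uf.UserName = @user AND fp.PagePath = @page";

        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Parameterized values: the requested path never becomes part of the SQL text.
            cmd.Parameters.AddWithValue("@user", userName);
            cmd.Parameters.AddWithValue("@page", pagePath);
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }
}
```

The check only protects pages that inherit from this class; a page, handler or static file that does not go through the base class is not covered by it.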