How to make separated sessions pear each authenticated folder ?

guru_sami:

If I log in to "admin" subfolder I can enter to "manager" subfolder without been asked for validation.
I wonder if would be possible that users logs in to admin folder can´t do it to manager folder and vice versa.

Thanks.
dimensionavAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

guru_samiCommented:
Yes....that was my fear which I thought you are dealing with by putting Session["Area"] or something like that.
1: Add Roles to userContext ( http://www.dotnetfunda.com/articles/article141.aspx )
Then your web.config location should change like below:
<location path="admin">
            <system.web>
                  <authorization>
                                                                                      <allow roles="Admin"
                        <deny users="*"/>
                  </authorization>
            </system.web>
      </location>

<location path="manager">
            <system.web>
                  <authorization>
                                                                                      <allow roles="Manager"
                        <deny users="*"/>
                  </authorization>
            </system.web>
      </location>

2: Store user Role in Session Variable and on each page check if user belong to particular role, this might become more tricky.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
guru_samiCommented:
Oh yes...if you are using asp.net membership provider for authentication then you can start using RolesProvider as well. In that case discard the previous reference link I provided and look at roles tutorials here:
http://www.asp.net/learn/security/
0
dimensionavAuthor Commented:
I´m not an expert on C# and a think this is gonna take some time so I´ll try and I´ll let you know any issue in a related question.

Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.