public string ReturnUrl
{
get
{
return ViewState["ReturnUrl"].ToString();
}
}
if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
{
e.Authenticated = true;
//I DO SOME PROCESSING TO GET THE ROLE OF THE USER HERE
//AND PUT THAT VALUE IN A VARIABLE CALLED "role"
role = SomeProcessingToGetRole();
redir = Request.QueryString["ReturnUrl"];
Response.Redirect(WHAT GOES HERE???);
}
else
{
// Username/password are not valid...
e.Authenticated = false;
}
login.aspx code behind
----------------------------------------------
public partial class Login : System.Web.UI.Page
{
public string ReturnUrl
{
get
{
return ViewState["ReturnUrl"].ToString();
}
}
.
.
.
protected void myLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
string role = "";
string roles = "";
string redir = "";
// Get the email address entered
//TextBox EmailTextBox = myLogin.FindControl("Email") as TextBox;
//string email = EmailTextBox.Text.Trim();
// Verify that the username/password pair is valid
if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
{
e.Authenticated = true;
redir = Request.QueryString["ReturnUrl"];
.
.
.
string[] usersBelongingToRole = Roles.GetRolesForUser(myLogin.UserName);
foreach (String s in usersBelongingToRole)
{
roles = String.Format(roles.ToString() + "{0}", s);
}
if (roles.IndexOf("QUSuperMan") != -1)
role = "QUSuperMan";
else if (roles.IndexOf("QUCoach") != -1)
role = "coach";
else
role = "student";
Response.Redirect(redir + "?AccessLevel=" + role);
else
{
// Username/password are not valid...
e.Authenticated = false;
}
}
web.config
--------------------------------------------
.
.
.
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx"/>
</authentication>
.
.
.
<location path="AddEditStudent.aspx" allowOverride="true">
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
Secondly, if you're running the application in a farm, the session information (including the login status of a visitor) should be available across all the servers. In short, I wouldnt' expect you to have any problems using forms authentication.