Hi,
I am trying to implement Role based Form Authentication in my Website and been stuck with it. Problem is its not redirecting the user depending on the user role.
Below is the code to authenticate the user. I want to allow only user with Admin role to access pages inside Admin folder. Even after providing correct id and password the Admin is not able redirected to Login.aspx.
if (isValidUser)
{
string role = "Admin";
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, TextBox1.Text, DateTime.Now, DateTime.Now.AddMinutes(1), false, role, FormsAuthentication.FormsCookiePath);
string encTicket = FormsAuthentication.Encrypt(ticket);
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
Response.Redirect("~/Admin/admin_index.aspx");
}
else
Response.Redirect("Login.aspx");
Extracts from my Web.Config
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="1" cookieless="UseDeviceProfile"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<location path="Admin">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Any help really appreciated.