Authenticate user by roles in asp.net

Forms authentication enables user and password validation for Web applications that do not require Windows authentication. With forms authentication, user information is stored in an external data source, such as a Membership database, or in the configuration file for an application. Once a user is authenticated, forms authentication maintains an authentication ticket in a cookie or in the URL so that an authenticated user does not need to supply credentials with each request. 

At my web site, I have a folder “Admin”, which I only want users with administration roles to be able to access them. I simply don’t want to check each user’s right on this folder, just depends on roles. This article is about this approach. 

In my case, I don’t care who have logged into my website, if they are not logged in, they can only browse my web site; if they registered and logged in, they can do certain things, like add a fire panel, delete the fire panel they created; if users logged in with administration roles, web site will grant them rights to access files under “admin” folder.   

Download the code, unzip it to a folder, create a virtual directory on IIS for it.  Root directory contains “login.aspx”,”logout.aspx”,”default.aspx”, and a folder called “admin”, at “admin” there is only one file, “default.aspx”, this is the file I will stop normal user from accessing it.

Forms authentication include several important parts you need to implement.

At my web.config file I set Authentication mode to “Forms”.

At web.config, I create a folder that I want to authenticate user.

Like following: