Daniel M. Hendricks

Role-Based Authentication

This is a simple example of how you can implement role-based forms authentication in ASP.NET. Although ASP.NET makes it fairly simple, it may not be obvious to the new user.

Download Files: roles.zip

To use this example, create a new IIS application, extract the above zip file to its root, and navigate with your browser to ‘default.aspx’.

Web.Config

As you can see below, I have configured Web.Config to allow only those users in the ‘Admin’ role and deny everyone else. If a user is denied or is not authenticated, they are sent to the login page, ‘login.aspx’.


Default.aspx

This page displays the credentials of the current user. If the user isn’t logged in, they are redirected to the ‘login.aspx’ page by Web.Config.

<%@ Page Language="C#" %>






You are logged in as: 

Roles: 

IsInRole("Admin") = 
IsInRole("Accounting") = 

Logout



Login.aspx

This is the login page. I omitted my authentication scheme in the isValidLogin() routine so that you may add your own, whether it be a database lookup or authenticating against LDAP.

<%@ Page Language="C#" Debug="true" %>
<%@ Import Namespace="System.Web.Security" %>





Username: Password: Incorrect username/password combination.

I believe the rest of the code is fairly self-explanatory.
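The roles that IsInRole() and the ‘Admin’ rule in Web.Config test have to be attached to the request's principal somewhere. One common way to do that is sketched here as an added example, not the code from roles.zip: it assumes the roles travel in the forms ticket's UserData field, and RoleTicket, SignIn and AttachRoles are hypothetical names.

```csharp
// Added example, not the code from roles.zip. Assumes roles are carried in the
// forms ticket's UserData field; RoleTicket, SignIn, AttachRoles are hypothetical.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class RoleTicket
{
    // Call from login.aspx after isValidLogin() succeeds. 'roles' must come from
    // your own user store, never from request input.
    public static void SignIn(HttpResponse response, string username, string[] roles)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                              // ticket version
            username,
            DateTime.Now,                   // issued
            DateTime.Now.AddMinutes(30),    // expires (constructed value)
            false,                          // not persistent: session cookie only
            String.Join("|", roles));       // UserData: pipe-separated roles

        // Encrypt() protects the ticket per <forms protection="..."> (default All:
        // encrypted and validated), so the client cannot edit its own roles.
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                         // keep the ticket away from script
        cookie.Secure = FormsAuthentication.RequireSSL; // follow the <forms requireSSL> setting
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }

    // Call from Application_AuthenticateRequest in Global.asax. By then the forms
    // module has already validated the cookie and set a FormsIdentity.
    public static void AttachRoles(HttpContext context)
    {
        if (context.User == null) return;               // anonymous request
        FormsIdentity identity = context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        string[] roles = identity.Ticket.UserData.Split(
            new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);

        // Replacing the principal is what lets IsInRole("Admin") and the role
        // rule in Web.Config evaluate against these roles.
        context.User = new GenericPrincipal(identity, roles);
    }
}
```

Because the roles are fixed when the ticket is issued, a user removed from ‘Admin’ keeps that role until the ticket expires, so keep the lifetime short or re-check the user store in AttachRoles.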
