aspdotnet-suresh offers C#articles and tutorials,csharp dot net,articles and tutorials, VB.
However, in certain cases we may want to allow all users to visit a page, but limit the page's functionality based on the visiting user's roles.
This may entail showing or hiding data based on the user's role, or offering additional functionality to users that belong to a particular role.
The default value is "/", which informs the browser to send the authentication ticket cookie to any request made to the domain. The default value is an empty string, which causes the browser to use the domain from which it was issued (such as
In this case, the cookie will not be sent when making requests to subdomains, such as admin.
In addition to URL authorization, we also looked at declarative and programmatic techniques for controlling the data displayed and the functionality offered by a page based on the user visiting.
In particular, we created a page that listed the contents of the current directory.It then examines how to apply role-based URL authorization rules. NET to allow only authenticated users to visit a page.Following that, we will look at using declarative and programmatic means for altering the data displayed and the functionality offered by an ASP. Or we could dictate that only users Tito and Bob were allowed, or indicate that all authenticated users except for Sam were permitted.If the user's browser does not support cookies, or if their cookies are deleted or lost, somehow, it's no big deal – the Note Microsoft's Patterns & Practices group discourages using persistent role cache cookies.Since possession of the role cache cookie is sufficient to prove role membership, if a hacker can somehow gain access to a valid user's cookie he can impersonate that user.A more maintainable approach is to use role-based authorization.