Try Now
More in this section

Forums / Security / Login, roles and permissions

Login, roles and permissions

2 posts, 0 answered
  1. Daniel Svensson
    Daniel Svensson avatar
    12 posts
    31 Aug 2009
    31 Aug 2009
    Link to this post

    Is it possible with SF to use their role and permission system to
    deny users in different roles not to access certain pages?


    I have a website with a partner login. The users signs in, i check which role they belong to and redirects them to the specific page. A normal flow. But you should not be able to alter the url manually to say anotherpartner.aspx, an error page should be displayed. I've seen examples in web.config to restrict users/roles to certain pages, but i would like to see if there is a way with SF to handle this for me?

    How should I implement the login ctrl? I have to have some logic, checking roles, saving some info to db-tables and so forth!

    Daniel Svensson

  2. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    01 Feb 2016
    31 Aug 2009
    Link to this post
    Hi Daniel Svensson,

    Thank you for using our services.

    Sitefinity works using the provider model. That means that when you have set up providers you do not have to dig into the database tables to perform data operations. Providers do that for you. In that line of thought Sitefinity has a built in Role Provider whose API you can use to extend the built in controls to perform the redirections based on user roles. I would suggest that you check our Developer Manual Security Section for more information on the API and some code examples.

    Now for the specific case. In my understanding you wish to have different types of users that will belong to certain roles, and based on that when users login they will be redirected to their "role's home page." Consider the following sample code. All it will do is to check if the user logging in belongs to Role A if yes user will be redirected to the "home page" for that role. This will be the behavior always when a user from that role logs in. You can add the code to ~/Sitefinity/UserControls/Login/LoginControl.ascx.cs to extend the default log in control:
    void Page_Load(object sender, EventArgs e) 
            this.Login1.LoggedIn += new EventHandler(Login1_LoggedIn); 
        void Login1_LoggedIn(object sender, EventArgs e) 
            UserManager userManager = new UserManager(this.Login1.MembershipProvider); 
            if (userManager.IsUserInRole(this.Login1.UserName, "RoleA")) 

    For the second part of the requirement you can use the user interface to deny users from accessing pages for particular roles. First of all you can make a page not accessible to anonymous users  from the properties of a page (see attached image). Note that pages use page inheritance, so any child pages will inherit security rules from parent pages. You can also deny certain roles View permission for pages.

    All the best,
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Watch a video on how to optimize your support resource searches and check out more tips on the blogs.
2 posts, 0 answered