The Login View control, which renders different output for authenticated and anonymous users, can be configured to display different content based on the logged in user's roles.
And the Roles API includes methods for determining the logged in user's roles.
For more information on this security recommendation, as well as other security concerns, refer to the Security Question List for ASP. parameter, as this parameter indicates that the user arrived at the login page after attempting to view a page he was not authorized to view.
Figure 4: Only Users in the Administrators Role Can View the Protected Pages (Click to view full-size image) Log off and then log in as a user that is in the Administrators role.
It then examines how to apply role-based URL authorization rules. When using forms authentication, an authentication ticket is used as an identity token.
The good news is that the tools at our disposal for applying authorization rules work equally well with roles as they do for user accounts.
URL authorization rules can specify roles instead of users.
In this case, the cookie will not be sent when making requests to subdomains, such as admin.
If you want the cookie to be passed to all subdomains you need to customize the exists is because many user agents do not permit cookies larger than 4,096 bytes.