I think mixing security with MasterPage is not a great idea - .NET has great security framework, so why not leverage that ?
Assuming following schema:
- signed-in users can see Default.aspx
- admins can see anything under /Admin folder
- signed-in users can't see /Admin folder
- anonymous users can't see anything but
Web.config:
<location path="Admin">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" defaultUrl="Default.aspx" cookieless="UseCookies" />
</authentication>
<anonymousIdentification enabled="true"/>
<roleManager enabled="true" defaultProvider="MyRoleProvider">
<providers>
<add name="MyRoleProvider" type="MyNamespace.MyRoleProvider, WebApplication1"/>
</providers>
</roleManager>
<membership defaultProvider="MyMembershipProvider">
<providers>
<add name="MyMembershipProvider" type="MyNamespace.MyMembershipProvider, WebApplication1"/>
</providers>
</membership>
</system.web>
MyMembershipProvider & MyRoleProvider class:
namespace MyNamespace {
public class MyMembershipProvider : System.Web.Security.MembershipProvider {
// override at least ApplicationName, CreateUser and ValidateUser
// you can throw NotImplementedException for rest
}
public class MyRoleProvider : System.Web.Security.RoleProvider {
// override at least GetAllRoles(), GetRolesForUser() and RoleExists
// you can throw NotImplementedException for rest
}
}
Login.aspx :
// after validation that username&password is correct call
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, chxRememberMe.Checked);
Congratulations - now you have hooked up to standard .NET web security provider model. Now you can enjoy it like:
<asp:LoginView ID="MasterLoginView" runat="server">
<AnonymousTemplate>
Welcome: Guest
</AnonymousTemplate>
<LoggedInTemplate>
Welcome:
<asp:LoginName ID="MasterLoginName" runat="server" />
</LoggedInTemplate>
</asp:LoginView>
or
<asp:LoginView ID="MasterLoginView" runat="server">
<RoleGroups>
<asp:RoleGroup Roles="Admin">
<ContentTemplate>
Welcome mighty admin
</ContentTemplate>
</asp:RoleGroup>
</RoleGroups>
</asp:LoginView>
Also if you're using Sitemap provider for the site links, when you enable security trimming .NET will use this provider to calculate which links can be displayed to users, etc.
Pageproperty, compare its type to the default page typePage.GetType() == typeof(_Default). However, this is ugly code and very bad for maintainability in my opinion. - Matthew