However, in certain cases we may want to allow all users to visit a page, but limit the page's functionality based on the visiting user's roles.
This may entail showing or hiding data based on the user's role, or offering additional functionality to users that belong to a particular role.
Such fine-grained role-based authorization rules can be implemented either declaratively or programmatically (or through some combination of the two).
In the next section we will see how to implement declarative fine-grained authorization via the LoginView control.
In particular, we created a page that listed the contents of the current directory.
Anyone could visit this page, but only authenticated users could view the files' contents and only Tito could delete the files.
Applying authorization rules on a user-by-user basis can grow into a bookkeeping nightmare.
And the Roles API includes methods for determining the logged-in user's roles.
This tutorial starts with a look at how the Roles framework associates a user's roles with his security context. When a request enters the ASP.NET pipeline, it is associated with a security context, which includes information identifying the requestor.
Figure 5: Tito Can Visit the Note

When specifying URL authorization rules – for roles or users – it is important to keep in mind that the rules are analyzed one at a time, from the top down.
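
The effect of rule order, shown as an added web.config fragment that is not part of the original tutorial. The two page paths and the role name Administrators are assumptions chosen for illustration.

```xml
<!-- Added example. Paths and the role name "Administrators" are assumed. -->
<configuration>

  <!-- Misordered: rules are checked top down and the first match wins.
       deny users="*" matches every request, so the allow rule beneath it
       is never reached and even Administrators are refused. -->
  <location path="Misordered.aspx">
    <system.web>
      <authorization>
        <deny users="*" />
        <allow roles="Administrators" />
      </authorization>
    </system.web>
  </location>

  <!-- Corrected: the specific allow comes first, the catch-all deny last.
       A user in Administrators matches the first rule and is admitted;
       everyone else falls through to the deny. -->
  <location path="Corrected.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Caveat: leaving out the trailing deny does not restrict the page.
       A request that matches no rule here is checked against inherited
       rules, and the default machine-level configuration ends with
       allow users="*", which grants access. -->

</configuration>
```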