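/// <summary>
/// BeginRequest handler that enforces per-section role checks.
/// The first path segment selects an app setting named "security:&lt;segment&gt;";
/// when that setting holds a comma-separated role list, the caller must own at
/// least one of those roles (looked up through spGetWebGroupForUser__cai).
/// Callers without a usable UserID cookie are sent to the login page, callers
/// without a matching role to the unauthorized page.
/// </summary>
/// <param name="source">The <c>HttpApplication</c> raising the event.</param>
/// <param name="e">Unused event data.</param>
private void Application_BeginRequest(Object source, EventArgs e)
{
    application = (HttpApplication)source;
    context = application.Context;

    var path = context.Request.Path;
    var pathParts = path.Split('/');

    // Invariant lower-casing: the key must not depend on the server's culture.
    var roleKey = "security:" + pathParts[1].ToLowerInvariant();
    var vals = WebConfigurationManager.AppSettings[roleKey];
    if (vals.IsNullOrEmpty())
    {
        // No role list configured for this section: the request is not restricted here.
        return;
    }

    // Drop empty entries so a stray comma in configuration can never match an
    // empty or NULL role value coming back from the database.
    var acceptedRoles = vals.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

    // NOTE(review): the UserID cookie is supplied by the client and nothing in this
    // method verifies its integrity. The identity used for authorization should come
    // from an authenticated, server-validated session or ticket rather than a raw cookie.
    var cookie = context.Request.Cookies.Get("UserID");
    var rawUserId = cookie != null ? cookie.Value : null;

    // The cookie value ends up inside a SQL batch, so only a plain run of digits is
    // accepted; anything else is handled exactly like a missing cookie.
    // Assumes WebUserId is a non-negative integer (the original query interpolated
    // it unquoted) - TODO confirm against the stored procedure's signature.
    long webUserId;
    bool hasUserId = long.TryParse(
        rawUserId,
        System.Globalization.NumberStyles.None,
        System.Globalization.CultureInfo.InvariantCulture,
        out webUserId);

    if (!hasUserId)
    {
        // Remember where the caller wanted to go, then send them to the login page.
        HttpCookie c = new HttpCookie("ReturnToPage");
        c.Expires = DateTime.Now.AddMinutes(15);
        c.Value = context.Request.Url.ToString();
        context.Response.SetCookie(c);
        context.Response.Redirect(WebConfigurationManager.AppSettings["loginPage"]);
        return;
    }

    // Only the re-formatted number reaches the SQL text, never the raw cookie string.
    // NOTE(review): prefer a parameterized command if DataAction offers one.
    string userId = webUserId.ToString(System.Globalization.CultureInfo.InvariantCulture);
    string sqlCheckUser = "EXEC [dbo].[spGetWebGroupForUser__cai] @WebUserId = " + userId;

    DataAction action = new DataAction();
    DataTable userResult = action.GetDataTable(sqlCheckUser);

    bool hasRole = false;
    for (var i = 0; i < userResult.Rows.Count && !hasRole; i++)
    {
        string userRole = userResult.Rows[i][0].ToString();
        foreach (string role in acceptedRoles)
        {
            // Ordinal comparison: role names are identifiers, not linguistic text.
            if (string.Equals(role, userRole, StringComparison.OrdinalIgnoreCase))
            {
                hasRole = true;
                break;
            }
        }
    }

    if (!hasRole)
    {
        context.Response.Redirect(WebConfigurationManager.AppSettings["unauthorizedPage"]);
    }
    else
    {
        LogUserLoggedInEvent(path, userId /*, GetUserName(userId)*/);
    }
}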