When a user who does not belong to the admin role is already
logged in and tries to access the admin section, he is
forwarded to the Login page again. Refer to Figure 2.
Figure 2 – NotAuthorized Problem
Displaying a "Not authorized" page
is more appropriate for this scenario.
We can achieve this by redirecting the user to the NotAuthorized
page, by including the code below in the Page_Load event of the Login page.
Listing 12 - Not Authorized Page Redirection
if (User.Identity.IsAuthenticated && Request.QueryString["ReturnUrl"] != null)
    Response.Redirect("~/NotAuthorized.aspx"); // page path assumed; use your NotAuthorized page
The above code checks whether the user is authenticated and
whether ReturnUrl is not null. Together these confirm that the user, after
authenticating, is trying to access a resource which he does not have access to.
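
The check described above, shown in context as an added example (not code from the original article): the Login page logs the refusal and redirects to a fixed page, and the NotAuthorized page answers with HTTP 403. The class names, the `~/NotAuthorized.aspx` path and the log message format are assumptions.

```csharp
using System;
using System.Web.UI;

// Code-behind for the login page (class name assumed; one class per file in a real project).
public partial class Login : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string returnUrl = Request.QueryString["ReturnUrl"];

        // Forms authentication appends ReturnUrl when it bounces a denied
        // request here. An already-authenticated user arriving with it was
        // refused by an authorization rule, not by a missing login.
        if (User.Identity.IsAuthenticated && returnUrl != null)
        {
            // Record the denial; strip CR/LF because ReturnUrl is user-controlled.
            // Fully qualified: inside a Page, "Trace" is the Page.Trace property.
            System.Diagnostics.Trace.TraceWarning(
                "Access denied: user={0} url={1}",
                User.Identity.Name,
                returnUrl.Replace("\r", "").Replace("\n", ""));

            // Fixed target: never redirect to the ReturnUrl value itself.
            Response.Redirect("~/NotAuthorized.aspx", false);
            Context.ApplicationInstance.CompleteRequest();
        }
    }
}

// Code-behind for the NotAuthorized page (class name assumed).
public partial class NotAuthorized : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Return 403 so logs and monitoring see a refusal rather than a 200.
        Response.StatusCode = 403;
        // Keep IIS from replacing this page with its own 403 error page.
        Response.TrySkipIisCustomErrors = true;
    }
}
```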