I have a section of the site that is restricted to our younger members and sections that are restricted to adult members only. The adult members are NOT allowed to go onto the youth section unless also a parent or supervisor. Parents and adult supervisors are allowed on the youth site. Youth are restricted from the adult content section.
people that are member may have multiple roles for example I have Member, Adult Member, Boardmember, Administrator, Webmaster roles
I have these roles set up
- Visitior -- can register but cannot visit restricted member only pages.
- Member -- have access to member restricted pages can request games
- Adult Member -- have access to adult member pages cannot visit youth member pages
- Youth Member -- have access to youth member pages cannot access adult member pages
- Parent of Youth -- can access youth member pages even if not a member but do not have access to other member pages
- Youth Supervisor -- can access youth membere pages
- Administrator -- has access to everything
- Webmaster -- has access to everything
- Boardmember -- has access to membership section of admin side
- Newsletter Editor -- has access to newsletter section of admin side
- Event Coordinator -- has access to Events and speakers section of admin side
- Games Librarian -- has access to games section of admin side - can add new games/mark games as checked out or as returned
My question is when a person is logged in and tries to access a page that they are not in correct role for I want to take them to a page that says they are unauthorized to access that page. I have a view in Errors Controller called NotAuthorized.cshtml that i would like to take them to.
Right now my controller code says
namespace MyNamespace.Areas.Members.Views
{
[Authorize(Roles = "Youth Member", "Parent of Youth", "Youth Supervisor", "Administrator","Webmaster")]
public ActionResult Index()
{
return View();
}
}
but when I am testing it takes me to the login page when I login as a user that does not have access trying to access one of the restricted pages. So what do I need to change?