MVC RoleProvider and Authorize attribute

Question

I have implemented my own role provider, and I\'m not using the default one. It works to the point that it can tell when someone should or should not be able to view a page.

Answer 1

Off the top of my head, if you are using FormsAuthentication then to answer your first question - yes If the user is not Authenticated or logged in then it can be redirected to the log on page:

Make sure you have this in web.config file (not sure if you need anything beside this, will look into it..)

To answer your second question: "If a user IS logged in but does not have the correct role, redirect to a different page"

The way we did this was, we used the System.Web.Security.Roles.GetRolesForUser(username); method to get the Roles and based on this we redirected the user to the correct view, after login.

Hope this helps!