Hi All,

I'm looking into a Security solution using ASP.NET and C# for an
Enterprise level application. I would like to implement Role based
security with authorization being performed via entries in the
web.config file (non programmatically, without having to call the
..IsInRole("blabla"); method.

Everything has been fine so far.

However, I am also using a frontController (extending IHttpHandler)
and all requests to the server pass through my custom frontController
and get redirected to the requested page via Server.Transfer.

The problem is that the call to Server.Transfer seems to bypass the
authentication for the page the user is being transferred to. I'm
assuming this is probably by nature due to the way server.transfer
works. Response.Redirect is not an option due to performance reasons.


Does anybody have any suggestions or work arounds for this problem ?
So far it seems to me like I've hit a major roadblock.

thanks,
Nick.