Using rowupdating event
Now you should be able to view the three protected pages.Figure 5: Tito Can Visit the Note When specifying URL authorization rules – for roles or users – it is important to keep in mind that the rules are analyzed one at a time, from the top down.
If the user's browser does not support cookies, or if their cookies are deleted or lost, somehow, it's no big deal – the Note Microsoft's Patterns & Practices group discourages using persistent role cache cookies.
Applying authorization rules on a user-by-user basis can grow into a bookkeeping nightmare.
A more maintainable approach is to use role-based authorization.
As soon as a match is found, the user is granted or denied access, depending on if the match was found in an URL authorization makes it easy to specify coarse authorization rules that state what identities are permitted and which ones are denied from viewing a particular page (or all pages in a folder and its subfolders).
However, in certain cases we may want to allow all users to visit a page, but limit the page's functionality based on the visiting user's roles.