I have some .aspx pages in my asp.net web application which only admin can only see and some .aspx pages which all users can see. How can i restrict normal users accessing the pages intended for admin ?
More over I'm not implementing the authorization from the asp.net what i mean to say is i'm implementing the authentication by myself using sessions and flag variables. How can i restrict content to users dependent on the privileges in this scenario ?
I would probably create a custom function, of course public method, which contains all the logic based on the roles [as you have mentioned that you don't want to go with membership feature of asp.net] to allow deny the user to access pages. This method will check the user eligibility for the page, for better logic you can keep the key for all pages in web.Config.
You can create the key in
<appsetting>
<add key="Page1" value="ViewOrders.aspx"/>
<add key="Page2" value="DeleteOrders.aspx"/>
Now, you can create a for/foreach loop in the method to iterate key value for the page name. I said this because it will be easier for you to add pages later and assign them roles accordingly.
Edit
Perhaps, you would like to see this http://mywsat.codeplex.com/