ASP.NET WebConfig: Location and Authorization Tags

11 Oct 2013 | CPOL | 2 min read

This article was originally at wiki.asp.net but has now been given a new home on CodeProject. Editing rights for this article have been set at Bronze or above, so please go in and edit and update this article to keep it fresh and relevant.

This article explains how to use the authorization tag in Web.config.

As per the MSDN articles, the location > authorization mechanism works on a top-down approach. Consider the case where we need to define separate roles for folders in the root directory:


Application Root >> Members (Premium Paid) --- this folder is for users who are registered with the site and have paid some amount for some services; it contains the relevant files or pages.

Application Root >> Admin --- this folder is for the site admin.

Application Root >> Members (Non-paid Members) --- this folder is for users who have not paid for any special or paid service but are still registered with the site for services like newsletters or blogging.


For this case we need to do the following:

1. Implement the same Forms Authentication for the ASP.NET Login control.

2. Add a location tag for Members(Premium Paid) as:

<location path="Members(Premium Paid)">
    <!-- authorization must sit inside system.web -->
    <system.web>
        <authorization>
            <!-- Allow the desired role first -->
            <allow roles="Premium_Paid_Members" />
            <!-- Now deny all roles and users; this follows the top-down approach -->
            <deny users="*" />
            <deny roles="*" />
        </authorization>
    </system.web>
</location>


3. Add a location tag for Admin as:

<location path="Admin">
    <system.web>
        <authorization>
            <!-- You may add verbs as required, e.g. verbs="post" for POST data only -->
            <allow roles="Admin" />
            <!-- Now deny all roles and users; this follows the top-down approach -->
            <deny users="*" />
            <deny roles="*" />
        </authorization>
    </system.web>
</location>


4. Add a location tag for Members (Non-paid Members) as:

<location path="Members (Non-paid Members)">
    <system.web>
        <authorization>
            <allow roles="Members" />
            <!-- Now deny all roles and users; this follows the top-down approach -->
            <deny users="*" />
            <deny roles="*" />
        </authorization>
    </system.web>
</location>

 

Conclusion: we must allow the desired roles or users before denying all users and roles on the folder, so that proper access to all the folders is maintained at the same time.
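The top-down rule from the conclusion, as an added example that is not part of the original article: a simplified Python model of first-match rule evaluation, run over a constructed config holding the article's Admin rules and a hypothetical AdminReversed folder with the same rules in the opposite order. It assumes no other authorization rules are inherited, ignores verbs, and treats wildcards only in the users attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: "Admin" uses the article's rule order,
# "AdminReversed" (hypothetical folder) puts the deny rule first.
WEB_CONFIG = """
<configuration>
  <location path="Admin">
    <system.web><authorization>
      <allow roles="Admin" />
      <deny users="*" />
    </authorization></system.web>
  </location>
  <location path="AdminReversed">
    <system.web><authorization>
      <deny users="*" />
      <allow roles="Admin" />
    </authorization></system.web>
  </location>
</configuration>
"""

def split(value):
    """Split a comma-separated users/roles attribute into a clean list."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def rule_matches(rule, user, roles):
    """True if an <allow>/<deny> element applies; user=None means anonymous."""
    users = split(rule.get("users"))
    if "*" in users or ("?" in users and user is None):
        return True
    if user is not None and user in users:
        return True
    return any(r in roles for r in split(rule.get("roles")))

def is_allowed(config_xml, path, user, roles=()):
    """Walk the rules for `path` top to bottom; the first match decides."""
    root = ET.fromstring(config_xml)
    for loc in root.findall("location"):
        if loc.get("path") != path:
            continue
        for auth in loc.iter("authorization"):
            for rule in auth:
                if rule_matches(rule, user, roles):
                    return rule.tag == "allow"
    # Nothing matched: ASP.NET's inherited default is <allow users="*"/>.
    return True
```

A folder with no location block, or a rule list with no final deny, falls through to the default allow, which is why each block in the article ends with `<deny users="*" />`.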

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
The ASP.NET Wiki was started by Scott Hanselman in February of 2008. The idea is that folks spend a lot of time trolling the blogs, googlinglive-searching for answers to common "How To" questions. There's piles of fantastic community-created and MSFT-created content out there, but if it's not found by a search engine and the right combination of keywords, it's often lost.

The ASP.NET Wiki articles moved to CodeProject in October 2013 and will live on, loved, protected and updated by the community.