Skip to Main Content
ASP.NET 4 24-Hour Trainer
book

ASP.NET 4 24-Hour Trainer

by Toi B. Wright
July 2010
Beginner content levelBeginner
552 pages
10h 14m
English
Wrox
Content preview from ASP.NET 4 24-Hour Trainer

Chapter 28A. Authorization in Web Forms

Authorization refers to the process of determining what a user is authorized to do in your web application. In Lessons 26 and 27 you learned how to use various types of authentication to determine who the user is. In this lesson you learn how to control to which pages users have access.

AUTHORIZATION ELEMENT

Authorization works the same way regardless of how the user is authenticated. Authorization is configured by using the authorization element in the web.config file. If you place the following authorization element into the root web.config file, all anonymous users are denied access to your web site:

<configuration>
    ...
    <system.web>
        ...
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</configuration>

Note

Even if you deny access to all anonymous users, the login page is still accessible to anonymous users.

The authorization element can include multiple deny and allow elements. These elements are used to deny and grant access to resources, respectively. These are the attributes of the deny and allow elements:

  • users — This attribute is used to identify one or more users. You can identify users by name or you can use the question mark (?) to represent all anonymous users and the asterisk (*) to represent all authenticated users.

  • roles — This attribute is used to identify one or more roles.

  • verbs — This attribute is used to identify the HTTP verb. The default is all.

The deny and allow elements must include at least one user or role ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

ASP.NET 4 24-Hour Trainer

ASP.NET 4 24-Hour Trainer

Toi B. Wright
ASP.NET 4 Unleashed

ASP.NET 4 Unleashed

Stephen Walther, Kevin Hoffman, Nate Dudek

Publisher Resources

ISBN: 9780470596913Purchase bookExamplesErrata