Role-based Forms Authentication
The .NET Framework enables role-based authentication; users can be assigned to roles and allowed access to resources based on those roles. Role access privileges are defined in the configuration file, either the root configuration file using a <location> element, or a configuration file in a subdirectory.
In Listing 15.10 you create a web.config file to be placed in a subdirectory called /adminonly.
Listing 15.10. Restricting Access by User Roles
[VB & C#] 01: <?xml version="1.0" encoding="utf-8" ?> 02: <configuration> 03: <system.web> 04: <authorization> 05: <allow roles="Administrator" /> 06: <deny users="*" /> 07: </authorization> 08: </system.web> 09: </configuration> |
In Listing 15.10 you create a web.config ...
Get Programming Data-Driven Web Applications with ASP.NET now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.