Role-based Forms Authentication

The .NET Framework enables role-based authentication: users can be assigned to roles and allowed access to resources based on those roles. Role access privileges are defined in a configuration file, either in the root configuration file using a <location> element, or in a configuration file placed in a subdirectory.

In Listing 15.10 you create a web.config file to be placed in a subdirectory called /adminonly.

Listing 15.10. Restricting Access by User Roles
[VB & C#]

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
 <system.web>
  <authorization>
   <allow roles="Administrator" />
   <deny users="*" />
  </authorization>
 </system.web>
</configuration>

In Listing 15.10 you create a web.config ...
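The following is an added example, not code from the book: a small Python model of how ASP.NET URL authorization reads the rules in Listing 15.10, top to bottom with the first matching rule deciding the outcome. The user names and the Editor role are constructed for the demonstration, HTTP verb filters are not modelled, and the fall-through default stands in for the inherited allow-all rule.

```python
import xml.etree.ElementTree as ET

# Listing 15.10 as shown on the page (line numbers removed).
LISTING_15_10 = """<?xml version="1.0" encoding="utf-8" ?>
<configuration>
 <system.web>
  <authorization>
   <allow roles="Administrator" />
   <deny users="*" />
  </authorization>
 </system.web>
</configuration>"""

def _names(value):
    """Split a comma-separated users/roles attribute into a set of names."""
    return {n.strip() for n in value.split(",") if n.strip()}

def parse_rules(xml_text):
    """Return the <authorization> rules in document order as (action, users, roles)."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    auth = next(root.iter("authorization"))
    return [(r.tag, _names(r.get("users", "")), _names(r.get("roles", ""))) for r in auth]

def is_authorized(rules, user, roles, inherited_default=True):
    """Evaluate rules in order; the first rule that matches the request wins.

    user=None models an anonymous (unauthenticated) request.
    inherited_default models the allow-all rule inherited from parent
    configuration when nothing in this file matches (assumption of this sketch).
    """
    for action, rule_users, rule_roles in rules:
        user_match = ("*" in rule_users                      # everyone
                      or (user is None and "?" in rule_users)  # anonymous only
                      or (user is not None and user in rule_users))
        role_match = bool(rule_roles & set(roles))
        if user_match or role_match:
            return action == "allow"
    return inherited_default

if __name__ == "__main__":
    rules = parse_rules(LISTING_15_10)
    # Constructed sample requests: (user name, roles held).
    for user, roles in [("alice", ["Administrator"]), ("bob", ["Editor"]), (None, [])]:
        print(user, roles, "->", "allowed" if is_authorized(rules, user, roles) else "denied")
    # Failure mode: with <deny users="*"> first, it matches every request,
    # so even administrators are locked out of /adminonly.
    swapped = list(reversed(rules))
    print("deny-first, alice ->", is_authorized(swapped, "alice", ["Administrator"]))
```

Removing the `<deny users="*" />` rule from the model makes every non-administrator request fall through to the inherited default, which is why the listing ends with an explicit deny.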
