O'Reilly logo

ASP.NET 4 24-Hour Trainer by Toi B. Wright

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 28A. Authorization in Web Forms

Authorization refers to the process of determining what a user is authorized to do in your web application. In Lessons 26 and 27 you learned how to use various types of authentication to determine who the user is. In this lesson you learn how to control to which pages users have access.

AUTHORIZATION ELEMENT

Authorization works the same way regardless of how the user is authenticated. Authorization is configured by using the authorization element in the web.config file. If you place the following authorization element into the root web.config file, all anonymous users are denied access to your web site:

<configuration>
    ...
    <system.web>
        ...
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</configuration>

Note

Even if you deny access to all anonymous users, the login page is still accessible to anonymous users.

The authorization element can include multiple deny and allow elements. These elements are used to deny and grant access to resources, respectively. These are the attributes of the deny and allow elements:

  • users — This attribute is used to identify one or more users. You can identify users by name or you can use the question mark (?) to represent all anonymous users and the asterisk (*) to represent all authenticated users.

  • roles — This attribute is used to identify one or more roles.

  • verbs — This attribute is used to identify the HTTP verb. The default is all.

The deny and allow elements must include at least one user or role ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required