Name
<allow>
Synopsis
Specifies users, roles, and/or HTTP verbs to be authorized for the application.
Scope
Any
Attributes
-
users
A comma-delimited list of authorized usernames.
-
roles
A comma-delimited list of authorized roles (NT groups).
-
verbs
A comma-delimited list of authorized HTTP verbs (GET, HEAD, POST, or DEBUG).
Child Elements
None
Example
See the example for the <authorization>
element.
Notes
You can use two wildcards to specify special groups of users:
- *
When used for the value of the
user
attribute, allows access for all users. This is the default configuration setting, as defined inmachine.config
.-
?
When used for the value of the
user
attribute, allows access to anonymous users. This wildcard is more commonly used with the<deny>
element.
Get ASP.NET in a Nutshell now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.