Name

<allow>

Synopsis

Specifies users, roles, and/or HTTP verbs to be authorized for the application.

Scope

Any

Attributes

users

A comma-delimited list of authorized usernames.

roles

A comma-delimited list of authorized roles (NT groups).

verbs

A comma-delimited list of authorized HTTP verbs (GET, HEAD, POST, or DEBUG).

Child Elements

None

Example

See the example for the <authorization> element.

Notes

You can use two wildcards to specify special groups of users:

*

When used for the value of the user attribute, allows access for all users. This is the default configuration setting, as defined in machine.config.

?

When used for the value of the user attribute, allows access to anonymous users. This wildcard is more commonly used with the <deny> element.

Get ASP.NET in a Nutshell now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial