Using URL Authorization to Allow or Limit Access
URL Authorization is a feature that is available through modifications to the config file of an application or site. Using URL Authorization is rather simple; it requires the addition of at least one of two elements—allow and/or deny—to the authorization section of the web.config file. This section is typically found right under the authentication mode element. Listing 15.1 shows the configuration entry necessary to allow the user "Administrator" access and deny access to everyone else.
Listing 15.1. Partial web.config File
<authentication mode="Windows" />
<authorization>
<allow users="Administrator" />
<deny users="*" />
</authorization>
|
Notice in Listing 15.1 that even though we are allowing ...
Get .NET Framework Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
