Bill Software Engineer

Reputation: 7782

ASP.NET Role isn't working as it should

I set up role management such that only users with the role "Employee" can view a page. However, it is allowing anyone who is logged in to view the page. How do I change it so only those users who are both logged in and have the role "Employee" can view my page?

      <location path="About.aspx">
        <system.web>
          <authorization>
            <deny users="?"/>
            <allow roles="Employee"/>
          </authorization>
        </system.web>
      </location>

Upvotes: 1

Views: 100

Answers (1)

Josh Darnell

Reputation: 11433

According to MSDN:

At run time, the authorization module iterates through the allow and deny elements, starting at the most local configuration file, until the authorization module finds the first access rule that fits a particular user account. Then, the authorization module grants or denies access to a URL resource depending on whether the first access rule found is an allow or a deny rule.

Based on that explanation, you should allow Employees (because that will match first), and then deny everyone else.

  <location path="About.aspx">
    <system.web>
      <authorization>
        <allow roles="Employee"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

Upvotes: 3
