Reputation: 441
I'm having problem with an assignment on asp.net. I would like to ask, is there any way in which i can prevent any users (including authenticated users) from accessing newly created web forms unless I specified the access rights to the page in the web config?
i tried using
<deny users="*">
but it denies all users from accessing any pages, even those which i have already specified access rights, for example:
<location path="home.aspx">
Upvotes: 1
Views: 4827
Reputation: 1063
This should help you:
<location path="FolderName/pagename.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
Upvotes: 0
Reputation: 5843
Here is a good article to look at, the example is on MS Support
<configuration>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
</forms>
</authentication>
<!-- This section denies access to all files in this
application except for those that you have not explicitly
specified by using another setting. -->
<authorization>
<deny users="?" />
</authorization>
</system.web>
<!-- This section gives the unauthenticated
user access to the ThePageThatUnauthenticatedUsersCanVisit.aspx
page only. It is located in the same folder
as this configuration file. -->
<location path="ThePageThatUnauthenticatedUsersCanVisit.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
<!-- This section gives the unauthenticated
user access to all of the files that are stored
in the TheDirectoryThatUnauthenticatedUsersCanVisit folder. -->
<location path="TheDirectoryThatUnauthenticatedUsersCanVisit">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
</configuration>
Upvotes: 2