bevacqua
Reputation: 48476
ASP.NET Role based access
I have the following site structure:
What I'd expect this to do was to deny anyone who isn't a logged-in user with the RegisteredUser role, except on Reset.aspx and Validation.aspx, where it would allow anyone (logged-in or not) to access, but this isn't the case right now.
Everyone who isn't a RegisteredUser isn't able to access these two pages, what am I doing wrong?
Update Even this won't work:
<?xml version="1.0"?>
<configuration>
<location path="Reset.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Validation.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
It doesn't make any sense, isn't this supposed to be the system default?
Upvotes: 1
Views: 888
Answers (1)
Kirill
Reputation: 3088
You do not need to map paths, only file names:
<?xml version="1.0"?>
<configuration>
<location path="Reset.aspx">
<system.web>
<authorization>
<allow users="*" />
<deny />
</authorization>
</system.web>
</location>
<location path="Validation.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<authorization>
<allow roles="RegisteredUser" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
Upvotes: 1
Related Questions
- Asp.net Web Application Role based authentication
- Role based authorization in asp.net
- Asp.net membership permissions and roles
- ASP.NET Security Roles AND Permissions
- ASP.NET Membership and Roles
- Using roles in Asp.Net MemeberShip?
- Role based authorization
- ASP.NET - Membership and roles
- ASP.Net membership and Roles Managment
- ASP.NET access controls