Reputation: 2808
Confusion in window built in authentication (web.config)
I am currently working with my asp.net project. I use web.config settings to allow and deny services !
It works totaly fine ! Now I got some query ( just for knowledge) that if I use deny and allow authentication both what will happen ?
My code seems like that
<system.web>
<authorization>
<deny users="user_name" />
<allow users="user_name" />
</authorization>
</system.web>
Thanks in advance !
Upvotes: 2
Views: 175
Answers (1)
Reputation: 37232
Authorization elements are evaluated in the order they are given in the configuration file.
In your example, the user would be denied, as the deny entry is earlier in the list than the allow entry.
Note that your question is referring to ASP.NET URL Authorization Behaviour (i.e. the settings defined in system.web\authorization). The behaviour of IIS URL Authorization is quite different. See the "Differences Table" here.
Upvotes: 1
Related Questions
- ASP.Net Authentication using <credentials> in web.config
- Windows Authentication in web.config in asp.net mvc4
- In ASP.Net what is the difference between Authentication in IIS and in web.config
- authorization web.config
- IIS / Windows Authentication
- How can I set windows authenication from web.config properly
- web config authentication
- authentication in web.config
- web.config and authentification, authorization, location
- Multiple/Different authentication settings in web.config