
ASP.NET Web.Config: Location and Authorization Tags


Oct 11, 2013

CPOL


This article explains how to use the Authorization tag in Web.Config.

As per the MSDN articles, the Location > Authorization mechanism works top-down: the rules are read from top to bottom, and the first rule that matches the user is the one applied. Consider the case where we need to define separate roles for folders in the root directory.

 

Application Root >> Members (Premium Paid): this folder is for users who are registered with the site and have paid for some services. It contains the relevant files or pages.

Application Root >> Admin: this folder is for the site admin.

Application Root >> Members (Non-paid Members): this folder is for users who have not paid for any special or paid service but are still registered with the site for services such as the newsletter or blogging.

 

For this case we need to do the following:

1. Implement the same Forms Authentication for the ASP.NET Login control.

2. Add a Location tag for Members(Premium Paid):

<location path="Members(Premium Paid)">
  <system.web>
    <authorization>
      <!-- Allow the desired role first -->
      <allow roles="Premium_Paid_Members" />
      <!-- Now deny all users and roles; this follows the top-down approach -->
      <deny users="*" />
      <deny roles="*" />
    </authorization>
  </system.web>
</location>

 

3. Add a Location tag for Admin:

<location path="Admin">
  <system.web>
    <authorization>
      <!-- You may add verbs as required, e.g. verbs="post" for POST data only -->
      <allow roles="Admin" />
      <!-- Now deny all users and roles; this follows the top-down approach -->
      <deny users="*" />
      <deny roles="*" />
    </authorization>
  </system.web>
</location>

 

4. Add a Location tag for Members (Non-paid Members):

<location path="Members (Non-paid Members)">
  <system.web>
    <authorization>
      <allow roles="Members" />
      <!-- Now deny all users and roles; this follows the top-down approach -->
      <deny users="*" />
      <deny roles="*" />
    </authorization>
  </system.web>
</location>

 

Conclusion: we must allow the desired roles or users before denying all users and roles on a folder, so that proper access to all the folders can be maintained at the same time.
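The top-down, first-match evaluation described above can be modelled and audited offline. The Python sketch below is an added example, not code from the original article or from ASP.NET itself; the sample configuration, the "Reports" and "Drafts" folders and all function names are constructed for illustration, role names are compared exactly, and the verbs attribute is ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample. "Admin" uses the article's rule order; "Reports" and
# "Drafts" are hypothetical folders showing the two common ordering mistakes.
SAMPLE = """<configuration>
  <location path="Admin"><system.web><authorization>
    <allow roles="Admin" /><deny users="*" />
  </authorization></system.web></location>
  <location path="Reports"><system.web><authorization>
    <deny users="*" /><allow roles="Admin" />
  </authorization></system.web></location>
  <location path="Drafts"><system.web><authorization>
    <allow roles="Members" />
  </authorization></system.web></location>
</configuration>"""

def _split(value):
    # Attribute values are comma-separated lists of users or roles.
    return {v.strip() for v in (value or "").split(",") if v.strip()}

def load_rules(xml_text):
    """Map each <location path> to its allow/deny rules, in document order."""
    out = {}
    for loc in ET.fromstring(xml_text).iter("location"):
        auth = loc.find(".//authorization")
        out[loc.get("path")] = [(r.tag, _split(r.get("users")), _split(r.get("roles")))
                                for r in (auth if auth is not None else [])]
    return out

def decide(rules, user, roles):
    """First matching rule wins. None = nothing matched at this level, so the
    parent configuration decides (user=None stands for an anonymous request)."""
    for action, users, rule_roles in rules:
        if ("*" in users or (user is None and "?" in users)
                or user in users or rule_roles & set(roles)):
            return action
    return None

def audit(rules):
    """Flag rule lists whose ordering defeats the intended restriction."""
    deny_all = [i for i, (a, u, _) in enumerate(rules) if a == "deny" and "*" in u]
    if not deny_all:
        return "no deny users=*: unmatched users fall through to the parent rules"
    if any(a == "allow" for a, _, _ in rules[deny_all[0] + 1:]):
        return "allow placed after deny users=*: it can never match"
    return None
```

A `None` result from `decide` matters because ASP.NET then continues with the parent Web.Config, whose default rule allows all users, so a folder without a closing deny is effectively open.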