Authorization

S

Shapper

Hello,

In my web site I need to restrict the access to page1.aspx, page2.aspx
and page3.aspx to users which had login and which access level is
"administrator".

The remaining pages can be accessed by all users without needing to
login.

My problem is how to set this in my web.config <authorization> tag:

<authorization>
<allow roles="Admins" />
<deny users="*" />
</authorization>

How can I do this?

Do I need to place my .aspx files inside different paths like:
Administrators, Public, etc?

Thanks,
Miguel
 
W

William F. Robertson, Jr.

Your "main" authentication tag should look as so:

<authorization>
<allow users="*" />
</authorization>

Then outside of your <system.web> tag but still inside <configuration> you
will add location tags.

<location path="page1.aspx">
<system.web>
<authorization>
<allow roles="Admins" />
<deny users="*" />
</authorization>
</system.web>
</location>

<location path="page2.aspx">
<system.web>
<authorization>
<allow roles="Admins" />
<deny users="*" />
</authorization>
</system.web>
</location>


HTH,

bill
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

can someone explain me why this does not work? 1
asp.net 2.0 design login area case study 1
Problem with web.config inheritance and <authorization> section 10
location element in web.config 1
Bypass Forms Authentication for IP address range 2
Role authorization, if denied access, how NOT to kick back to login? 7
Blocking Direct URL Access through web config 1
Forms Authentication 2

Top