Authorization Asp.net web.config
26,609
Solution 1
Yes, exactly so (assuming you properly authenticated your users, and set their roles accordingly).
Check the MSDN article: https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-1.1/8d82143t(v=vs.71)
Solution 2
yes, you can add n roles like that.
If you prefer, you can also:
<allow roles="admin"/>
<allow roles="admin1"/>
<deny users="*"/>
Solution 3
Yes, roles, users and verbs takes comma separated values.
Author by
user29964
Updated on April 13, 2021Comments
-
user29964 about 3 years
I have an application that has a backoffice. This backoffice was isolated with the use of roles like this:
<location path="backoffice"> <system.web> <authorization> <allow roles="admin"/> <deny users="*"/> </authorization> </system.web> </location>
But now we have another type of role that needs access. The companyadmin role.
Can I just say?:
<location path="backoffice"> <system.web> <authorization> <allow roles="admin,companyadmin"/> <deny users="*"/> </authorization> </system.web> </location>
-
mbillard about 15 yearswhat the hell is going on with that grammar?
-
user441521 over 6 years@mbillard He's saying 'N' number of roles, meaning as many as needed.
-
General Grievance about 3 yearsIt may be important to note that order does matter. According to the docs, it will check one rule at a time in short-circuit fashion. i.e., if the first rule is a "deny all," then the resource will be denied. If the user passes by the first rule with an allow, then access is granted.