Deny acces to users that are not in any role

M

Markus Palme

Hi NG!

Is it possible to deny access to a (logged in) user that is not in any
role? Placeholders like <deny roles="?"/> don't seem to be possible.

Regards
Markus

<location path="Protected.aspx">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny roles="Staff"/>
</authorization>
</system.web>
</location>
 
C

Cowboy \(Gregory A. Beamer\)

As long as you do not have an allow rule higher up, it will automatically
deny all roles that are not allowed. If you have a generic rule higher that
allows access, then you do have to explicitly deny. You can deny generically
for roles ... but you can for users. Thus, this is valid:

<location path="Protected.aspx">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************************************************
Think outside of the box!
*************************************************
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Deny anonymous users and showing link! 1
Blocking Direct URL Access through web config 1
Role authorization, if denied access, how NOT to kick back to login? 7
Deny Access to MP3 folder 2
problem with role and accessibility 2
ASP.NET 2.0 Authorization based on Combination of Allow/Deny Users/Roles. 0
web.Config Deny access not working??? 2
Role base security and RedirectUrl 3

Members online

Total: 340 (members: 2, guests: 338)
Robots: 411

Forum statistics

Threads
473,968
Messages
2,570,150
Members
46,697
Latest member
AugustNabo

Latest Threads

Top