Deny acces to users that are not in any role

Discussion in 'ASP .Net' started by Markus Palme, Sep 17, 2006.

  1. Markus Palme

    Markus Palme Guest

    Hi NG!

    Is it possible to deny access to a (logged in) user that is not in any
    role? Placeholders like <deny roles="?"/> don't seem to be possible.

    Regards
    Markus

    <location path="Protected.aspx">
    <system.web>
    <authorization>
    <allow roles="Administrator"/>
    <deny roles="Staff"/>
    </authorization>
    </system.web>
    </location>
     
    Markus Palme, Sep 17, 2006
    #1
    1. Advertising

  2. As long as you do not have an allow rule higher up, it will automatically
    deny all roles that are not allowed. If you have a generic rule higher that
    allows access, then you do have to explicitly deny. You can deny generically
    for roles ... but you can for users. Thus, this is valid:

    <location path="Protected.aspx">
    <system.web>
    <authorization>
    <allow roles="Administrator"/>
    <deny users="*"/>
    </authorization>
    </system.web>
    </location>

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    *************************************************
    Think outside of the box!
    *************************************************
    "Markus Palme" <> wrote in message
    news:...
    > Hi NG!
    >
    > Is it possible to deny access to a (logged in) user that is not in any
    > role? Placeholders like <deny roles="?"/> don't seem to be possible.
    >
    > Regards
    > Markus
    >
    > <location path="Protected.aspx">
    > <system.web>
    > <authorization>
    > <allow roles="Administrator"/>
    > <deny roles="Staff"/>
    > </authorization>
    > </system.web>
    > </location>
    >
     
    Cowboy \(Gregory A. Beamer\), Sep 18, 2006
    #2
    1. Advertising

  3. Markus Palme

    Markus Palme Guest

    > <deny users="*"/>

    Thanks, that is the solution.
     
    Markus Palme, Sep 22, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dan
    Replies:
    4
    Views:
    13,445
  2. ABC
    Replies:
    7
    Views:
    823
  3. =?Utf-8?B?QWRvbGZv?=

    Problems with AJAX an <location deny users=? ...

    =?Utf-8?B?QWRvbGZv?=, Feb 21, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    442
    =?Utf-8?B?QWRvbGZv?=
    Feb 21, 2006
  4. Jeff
    Replies:
    2
    Views:
    962
    clintonG
    Sep 19, 2006
  5. Kylin

    <deny users="?" /> <allow users="*" />

    Kylin, May 17, 2005, in forum: ASP .Net Security
    Replies:
    2
    Views:
    606
    Ravichandran J.V.
    May 19, 2005
Loading...

Share This Page