newbie: allow deny vs deny allow


Jeff

ASP.NET 2.0 security:

Below are 2 authorization blocks. I wonder what is the difference between
them from a security point of view?

I guess this can be a standard question on an ASP.NET 2.0 certification exam,
so I'm very interested to know the difference between these settings.

<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>

<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
 
There should be nothing different because of the ordering. In each case, you
are saying allow all, but deny by ensuring a person has an account.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************************************************
Think outside of the box!
*************************************************
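
Added example, not part of the original thread: ASP.NET URL authorization walks the rules in an <authorization> section from top to bottom and applies the first rule that matches the request. The Python sketch below models that for the two blocks in the question; is_authorized and rule_matches are names made up for this example, and the roles and verbs attributes are not modelled.

```python
import xml.etree.ElementTree as ET

# The two blocks from the question, copied verbatim.
BLOCK_DENY_FIRST = """<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>"""

BLOCK_ALLOW_FIRST = """<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>"""


def rule_matches(pattern, user):
    """user is None for an anonymous request, else the authenticated name."""
    for entry in (p.strip() for p in pattern.split(",")):
        if entry == "*":                     # "*" matches every request
            return True
        if entry == "?":                     # "?" matches anonymous requests only
            if user is None:
                return True
        elif user is not None and entry.lower() == user.lower():
            return True                      # explicit user name
    return False


def is_authorized(config_xml, user):
    """Evaluate rules in document order; the first matching rule decides."""
    for rule in ET.fromstring(config_xml):
        if rule.tag in ("allow", "deny") and rule_matches(rule.get("users", ""), user):
            return rule.tag == "allow"
    # No rule matched: the inherited machine-level default is <allow users="*"/>.
    return True


if __name__ == "__main__":
    blocks = (("deny ? then allow *", BLOCK_DENY_FIRST),
              ("allow * then deny ?", BLOCK_ALLOW_FIRST))
    for label, xml in blocks:
        for user in (None, "jeff"):          # constructed sample requests
            who = "anonymous" if user is None else user
            verdict = "allowed" if is_authorized(xml, user) else "denied"
            print(f"{label:22} {who:10} {verdict}")
```

In this model the anonymous request is denied by the first block and allowed by the second, because in the second block the <allow users="*"/> rule matches before the deny rule is reached.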
 