newbie: allow deny vs deny allow

Discussion in 'ASP .Net' started by Jeff, Sep 18, 2006.

  1. Jeff

    Jeff Guest

    asp.net 2.0 security:

    Below are 2 authorization blocks. I wonder what is the difference between
    them from a security point of view?

    I guess this can be a standard question on an asp.net 2.0 certification exam,
    so I'm very interested to know the difference between these settings.

    <authorization>
    <deny users="?"/>
    <allow users="*"/>
    </authorization>

    <authorization>
    <allow users="*"/>
    <deny users="?"/>
    </authorization>
     
    Jeff, Sep 18, 2006
    #1

  2. There should be nothing different because of the ordering. In each case, you
    are saying allow all, but deny by ensuring a person has an account.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    *************************************************
    Think outside of the box!
    *************************************************
     
    Cowboy \(Gregory A. Beamer\), Sep 18, 2006
    #2

  3. clintonG

    clintonG Guest

    The permissions are applied in the order they are declared.

    <%= Clinton Gallagher
    NET csgallagher AT metromilwaukee.com
    URL http://clintongallagher.metromilwaukee.com/
    MAP 43°2'17"N 88°2'37"W : 43°2'17"N 88°2'37"W



     
    clintonG, Sep 19, 2006
    #3
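
The ordering rule stated in reply #3, as an added example that is not part of the original thread: ASP.NET URL authorization walks the rules top to bottom and the first matching rule decides, so the two blocks in the question behave differently for anonymous requests. The Python model below is a simplification that handles only the users attribute (no roles or verbs) and assumes the inherited machine-level default of allow-all when nothing matches; the function names and the user name alice are hypothetical.

```python
import xml.etree.ElementTree as ET

# The two blocks from the question, copied verbatim.
DENY_FIRST = """<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>"""

ALLOW_FIRST = """<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>"""


def rule_matches(users_attr, user):
    """user is None for an anonymous request, otherwise the account name."""
    for entry in (e.strip() for e in users_attr.split(",")):
        if entry == "*":                     # every user, anonymous included
            return True
        if entry == "?" and user is None:    # anonymous users only
            return True
        if user is not None and entry.lower() == user.lower():
            return True
    return False


def is_allowed(config_xml, user):
    """Walk the rules top to bottom; the first rule that matches decides."""
    for rule in ET.fromstring(config_xml):
        if rule.tag in ("allow", "deny") and rule_matches(rule.get("users", ""), user):
            return rule.tag == "allow"
    # Assumption: nothing matched, so the inherited allow-all default applies.
    return True


def unreachable_rules(config_xml):
    """Audit helper for this users-only model: rules after users="*" never match."""
    rules = list(ET.fromstring(config_xml))
    for i, rule in enumerate(rules):
        if "*" in [e.strip() for e in rule.get("users", "").split(",")]:
            return [(r.tag, r.get("users")) for r in rules[i + 1:]]
    return []


if __name__ == "__main__":
    for name, cfg in (("deny-first", DENY_FIRST), ("allow-first", ALLOW_FIRST)):
        print(name, "anonymous:", is_allowed(cfg, None), "alice:", is_allowed(cfg, "alice"),
              "dead rules:", unreachable_rules(cfg))
```

With the deny rule first, anonymous requests are refused and authenticated users pass; with the allow rule first, everyone passes and the deny rule is dead configuration.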