wonky <authorization> (order matters?)

S

SpaceMarine

hello,

i am using Windows authentication w/ my web app and lock it down via
roles. in my testing it seems like the *order* of the <authorization>
elements matters.

eg, this works:

<authorization>
<allow roles="Foo" />
<deny users="?" />
<deny users="*" />
</authorization>

but this doesnt:

<authorization>
<deny users="?" />
<deny users="*" />
<allow roles="Foo" />
</authorization>

....for the latter my browser keeps popping a credentials dialog, even
tho im in the Foo role.


is this expected behavior? ASP.NET v2.


thanks!
sm
 
J

Joe Kaplan

Yes, it does matter. It evaluates each rule in order until it matches and
then it applies the allow or deny based on the match.

Joe K.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows Authentication - not seeing Groups 4
how to use <authorization> 2
Menu disappears on <authorization> change 4
authorization different paths and roles 4
ASP.NET 2.0 Authorization based on Combination of Allow/Deny Users/Roles. 1
Cannot set specific authorization to a folder 3
Forms Authentication: <location> authorization not bypasssing login page. 1
Problem deploying forms authorization 11

Members online

No members online now.
Total: 31 (members: 0, guests: 31)
Robots: 479

Forum statistics

Threads
473,769
Messages
2,569,579
Members
45,053
Latest member
BrodieSola

Latest Threads

Top