<deny users="?" /> <allow users="*" />

Discussion in 'ASP .Net Security' started by Kylin, May 17, 2005.

  1. Kylin

    Kylin Guest

    <!-- security -->
    <authorization>
    <deny users="?" />
    <allow users="*" />
    </authorization>

    I know the <deny user="?" /> mean that deny the anonymous user ,
    And I know the <allow user="*"> mean that allow all the user,
    but they are together ,
    what is the meaning ?
     
    Kylin, May 17, 2005
    #1
    1. Advertisements

  2. web.config file is interpreted line by line. This means deny anonymous user
    and accepten users which are authenticated. When a user request wants to be
    authorized, ASP.NET looks if it is a guest, if yes denies, otherwise allows
    user.

    Try to change line order and see what happens like:
    <!-- security -->
    <authorization>
    <allow users="*" />
    <deny users="?" />
    </authorization>
     
    Yunus Emre ALPÖZEN [MCAD.NET], May 17, 2005
    #2
    1. Advertisements

  3. "?" stands for anonymous users and "*" for all users. So,

    <allow users="Jv"/>
    <deny users="?"/>

    will allow user "Jv" but deny all anonymous users. You can use to separate
    multiple identiies.

    <allow users="Jv, Kylin"/>
    <deny users="?"/>

    with regards,

    J.v.
     
    Ravichandran J.V., May 19, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.