G
Guest
I have the following questions to ask.
For example, there are two roles, A and B to grant to users UA and UB
respectively.
UB in not in role A and UA is not in role B.
A can access to Apage and B to Bpage by typing their passwords, resp..
However, when A has accessed Apage and know the URL of Bpage, A can access
to Bpage. Right now I hard-code it in codebehind functions to protect the
system from this case.
I would like to setup configuration file Web.config such that I do not need
to add code to each of the codebehind function.
I have added the following to Web.config, but it seems not working in this
way. Anyone can give me a help? thanks
David
<location path="Apage.aspx">
<system.web>
<authorization>
<allow roles="A" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Bpage.aspx">
<system.web>
<authorization>
<allow roles="B" />
<deny users="*" />
</authorization>
</system.web>
</location>
For example, there are two roles, A and B to grant to users UA and UB
respectively.
UB in not in role A and UA is not in role B.
A can access to Apage and B to Bpage by typing their passwords, resp..
However, when A has accessed Apage and know the URL of Bpage, A can access
to Bpage. Right now I hard-code it in codebehind functions to protect the
system from this case.
I would like to setup configuration file Web.config such that I do not need
to add code to each of the codebehind function.
I have added the following to Web.config, but it seems not working in this
way. Anyone can give me a help? thanks
David
<location path="Apage.aspx">
<system.web>
<authorization>
<allow roles="A" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Bpage.aspx">
<system.web>
<authorization>
<allow roles="B" />
<deny users="*" />
</authorization>
</system.web>
</location>