ASP.NET Tutorial/Authentication Authorization/Authorization

From .Net Framework expert

Assign a particular username, or comma-delimited list of usernames, to the deny element

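The ASP.NET Framework uses a first-match algorithm: the rules are evaluated from top to bottom, and the first rule that matches the current user decides whether access is granted.
If you switched the allow and deny rules, then no one, not even Jane, would be allowed to access the pages in the folder, because the deny users="*" rule would match every request first.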
File: SecretFiles\Web.Config
<configuration>
    <system.web>
      <authorization>
        <allow users="Jane" />
        <deny users="*" />
      </authorization>
    </system.web>
</configuration>
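
A first-match evaluator for the rules above, as an added example that is not part of the original tutorial or ASP.NET's own code. It assumes case-insensitive name matching, ignores the verbs attribute, and models the inherited machine-level default as allow-all when no rule matches; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the SecretFiles\Web.Config rules above, and the same rules swapped.
ALLOW_FIRST = """<configuration><system.web><authorization>
  <allow users="Jane" />
  <deny users="*" />
</authorization></system.web></configuration>"""
DENY_FIRST = """<configuration><system.web><authorization>
  <deny users="*" />
  <allow users="Jane" />
</authorization></system.web></configuration>"""


def split_list(value):
    """Split a comma-delimited attribute into lower-cased names."""
    return [name.strip().lower() for name in value.split(",") if name.strip()]


def load_rules(config_xml):
    """Return [(action, users, roles)] in document order."""
    section = ET.fromstring(config_xml).find("system.web/authorization")
    children = [] if section is None else list(section)
    return [(el.tag, split_list(el.get("users", "")), split_list(el.get("roles", "")))
            for el in children if el.tag in ("allow", "deny")]


def rule_matches(rule, user, roles):
    _, users, rule_roles = rule
    if "*" in users:                        # * matches every request
        return True
    if user is None:                        # anonymous request: only ? (or *) matches
        return "?" in users
    return user.lower() in users or any(r.lower() in rule_roles for r in roles)


def is_allowed(rules, user=None, roles=()):
    """First match wins; with no match, fall through to the inherited allow-all default."""
    for rule in rules:
        if rule_matches(rule, user, roles):
            return rule[0] == "allow"
    return True


def unreachable_rules(rules):
    """Rules listed after a users="*" rule can never be the first match."""
    for i, rule in enumerate(rules):
        if "*" in rule[1]:
            return rules[i + 1:]
    return []
```

Running unreachable_rules over a Web.Config before deployment flags allow or deny entries that have no effect because an earlier wildcard rule always matches first.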


Authorizing by Role

When creating authorization rules, you can authorize by user role. The following configuration allows members of the Administrator role and denies everyone else.
File: SecretFiles\Web.Config
<configuration>
    <system.web>
      <authorization>
        <allow roles="Administrator"/>
        <deny users="*"/>
      </authorization>
    </system.web>
</configuration>


Authorizing Files by Location

The location element can apply a set of authorization rules to a folder or page at a particular path.
File: Web.Config
<configuration>
  <system.web>
    <authentication mode="Forms" />
  </system.web>
  <location path="Secret.aspx">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>


Configuring Authorization

If you add the web configuration file to the SecretFiles folder, then unauthenticated users are blocked from accessing pages in the folder.
When Forms authentication is enabled, unauthenticated users are automatically redirected to the Login page.
The configuration file denies access to anonymous users. Two special symbols can be used in the users attribute:
? Represents unauthenticated (anonymous) users.
* Represents all users (unauthenticated or authenticated).
File: SecretFiles\Web.Config
<configuration>
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
</configuration>


Use the location element to apply configuration settings to a particular subfolder

File: Web.Config
<configuration>
  <system.web>
    <authentication mode="Forms" />
  </system.web>
  <location path="SecretFiles">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>