So today I was working on a project where I needed to allow for certain users to access a site but no one else. Seems simple enough but logic goes out the window with this.
I had this which made sense to me. Deny everyone first, then add the roles that I wanted to have access:
<system.web>
<authorization>
<deny users=”*” />
<allow roles=”Role 1″ />
<allow roles=”Role 2″ />
<allow roles=”Role 3″ />
<allow roles=”Role 4″ />
<allow roles=”Role 5″ />
<allow roles=”Role 6″ />
</authorization>
</system.web>
Turns out that you have to allow the users first and then deny everyone. So next time I come across this, I will throw logic out the window and get it done faster. This one is the one that works:
<system.web>
<authorization>
<allow roles=”Role 1″ />
<allow roles=”Role 2″ />
<allow roles=”Role 3″ />
<allow roles=”Role 4″ />
<allow roles=”Role 5″ />
<allow roles=”Role 6″ />
<deny users=”*” />
</authorization>
</system.web>
Popularity: 12% [?]
1 User Responded in " User Roles in ASP.NET 2.0 "
Why does it do that? What happens behind the scenes to make it behave the way it does? Maybe there is some logic there.
Leave A Reply Here