User Roles in ASP.NET 2.0
Tuesday, July 10, 2007
So today I was working on a project where I needed to allow for certain users to access a site but no one else. Seems simple enough but logic goes out the window with this.
I had this which made sense to me. Deny everyone first, then add the roles that I wanted to have access:
<system.web>
<authorization>
<deny users="*" />
<allow roles="CSR User" />
<allow roles="Content Editor" />
<allow roles="Market Administrator" />
<allow roles="National Administrator" />
<allow roles="Regional Administrator" />
<allow roles="Super Administrator" />
</authorization>
</system.web>
Turns out that you have to allow the users first and then deny everyone. So next time I come across this, I will throw logic out the window and get it done faster. This one is the one that works:
<system.web>
<authorization>
<allow roles="CSR User" />
<allow roles="Content Editor" />
<allow roles="Market Administrator" />
<allow roles="National Administrator" />
<allow roles="Regional Administrator" />
<allow roles="Super Administrator" />
<deny users="*" />
</authorization>
</system.web>
Labels: ASP.NET 2.0, Internet, User Roles
July 12, 2007 at 1:03 PM
Why does it do that? What happens behind the scenes to make it behave the way it does? Maybe there is some logic there. top