<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/platform.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar/8776281485402821239?origin\x3dhttp://mythoughtsaboutcode.blogspot.com', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe", messageHandlersFilter: gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER, messageHandlers: { 'blogger-ping': function() {} } }); } }); </script>

.

User Roles in ASP.NET 2.0
Tuesday, July 10, 2007

So today I was working on a project where I needed to allow for certain users to access a site but no one else. Seems simple enough but logic goes out the window with this.

I had this which made sense to me. Deny everyone first, then add the roles that I wanted to have access:

<system.web>
   <authorization>
      <deny users="*" />
      <allow roles="CSR User" />
      <allow roles="Content Editor" />
      <allow roles="Market Administrator" />
      <allow roles="National Administrator" />
      <allow roles="Regional Administrator" />
      <allow roles="Super Administrator" />
   </authorization>
</system.web>

Turns out that you have to allow the users first and then deny everyone. So next time I come across this, I will throw logic out the window and get it done faster. This one is the one that works:

<system.web>
   <authorization>
      <allow roles="CSR User" />
      <allow roles="Content Editor" />
      <allow roles="Market Administrator" />
      <allow roles="National Administrator" />
      <allow roles="Regional Administrator" />
      <allow roles="Super Administrator" />
      <deny users="*" />
   </authorization>
</system.web>

Labels: , ,

You can leave your response or submit to Digg by using the links below.
Comment | Digg This | Go to end

Read This

All entries in this blog are my opinion and don't necessarily reflect the opinion or views of my employer (Terralever).

This is where I talk about the little bit of .NET code that I actually know and different techy things that interest me. Feel free to tell all your friends about my little blog and hopefully soon, it won't be so little.

My Thoughts About Code | feed

5ThirtyOne and Blogger Templates design | Top