Re: Folder Authorization.
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 05/26/05
- Next message: Corno: "find out if the user has enough rights to open a page"
- Previous message: Thammarat Charoenchai.: "Re: Folder Authorization."
- In reply to: Thammarat Charoenchai.: "Re: Folder Authorization."
- Next in thread: Thammarat Charoenchai.: "Re: Folder Authorization."
- Reply: Thammarat Charoenchai.: "Re: Folder Authorization."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 May 2005 05:10:39 -0700
Hello Thammarat Charoenchai.,
always add a <deny users="*" /> at the end.
<location path="admin">
<system.web>
<authorization>
<allow users="admin"/>
<deny users="*" />
</authorization>
</system.web>
</location>
is the right one
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> When i use this code in /web.config
>
> <location path="admin">
> <system.web>
> <authorization>
> <allow users="admin"/>
> </authorization>
> </system.web>
> </location>
> I think it should be allow only user name "admin" but when I run it
> allow every user.
>
> but if I use
>
> <location path="admin">
> <system.web>
> <authorization>
> <deny users="*"/>
> </authorization>
> </system.web>
> </location>
> It's not allow all users.
>
> what i'm worng? :)
>
- Next message: Corno: "find out if the user has enough rights to open a page"
- Previous message: Thammarat Charoenchai.: "Re: Folder Authorization."
- In reply to: Thammarat Charoenchai.: "Re: Folder Authorization."
- Next in thread: Thammarat Charoenchai.: "Re: Folder Authorization."
- Reply: Thammarat Charoenchai.: "Re: Folder Authorization."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
