URL Authorization does not override File Authorization?
- From: "SeanRW" <sean.woodward@xxxxxxx>
- Date: 24 May 2006 16:32:44 -0700
Hello,
I have a question as to how URL Authorization and File Authorization
work together. In particular, how can one supercede the other.
In our setup, the impersonated user has an ACL on the resource (File
Authorization would be successful).
Yet, the URL Authorization rules are written so that they should
prevents that user from accessing a resource (URL Authorization should
deny this user access).
Why can a successful File Authorization bypass the denied URL
Authorization evaluation?
Example:
The user, DOMAIN\doug has a full access to Home.aspx.
The URL Authorization rules prevent anyone but "AuditUsers" from
</system.web>
<location path="home.aspx">
<system.web>
<authorization>
<allow roles="DOMAIN\AuditUsers" />
<deny users="*" />
</authorization>
</system.web>
</location>
Any thoughts? The documentation isn't clear on precedence rules (if
any).
-SeanRW
.
- Follow-Ups:
- Re: URL Authorization does not override File Authorization?
- From: Dominick Baier [DevelopMentor]
- Re: URL Authorization does not override File Authorization?
- Prev by Date: Re: Calling NetUserGetInfo from ASP.NET app
- Next by Date: Re: Calling NetUserGetInfo from ASP.NET app
- Previous by thread: Calling NetUserGetInfo from ASP.NET app
- Next by thread: Re: URL Authorization does not override File Authorization?
- Index(es):
Relevant Pages
|
