CODEDIGEST
Home Articles CodeDigest Tutorials FAQs
Home > CodeDigest >  
Technologies
 


Controlling Access to Folders in FormsAuthentication using location Element in ASP.Net
Submitted By Satheesh Babu B
On 10/24/2008 5:52:42 AM
Tags: asp.net,CodeDigest  

 This is done by <Location> tag in Web.Config file.

 

Restricting Anonymous Access to a Folder

For example, if we want to allow access to a folder only to authenticated users, then we can do it by the below settings.

 

<location path="FolderName">

                        <system.web>

                                    <authorization>

                                                <deny users="?"/>                               

                                    </authorization>

                        </system.web>

            </location>

 

The above setting in Web.Config will deny anonymous access to the folder specified in the path attribute. In other words, only logged in users can access the resources under that folder.

 

Restricting Access to folder based on Role

We can also use the location tag to restrict access based on the user roles when we have role based forms authentication.

 

<location path="ADMIN">

    <system.web>

      <authorization>

        <allow roles="ADMIN"/>

        <deny users="*"/>

      </authorization>

    </system.web>

  </location>

  <location path="Publishers">

    <system.web>

      <authorization>

        <allow roles="PUBLISHER, ADMIN"/>

        <deny users="*"/>

      </authorization>

    </system.web>

  </location>

 

The above setting will restrict users trying to access the Admin section and Publisher section until they are part of that role and allow users who are already part of the roles.

 

Note

The location element should be placed outside of the <system.web> element.

Recent Codes
  • View All Codes..