ASP.Net configure page-level security

Posted on Thursday, June 25, 2009 by Nicki

Did you know that you can configure security on a page level instead of on a folder level, like the custom tool in Visual Studio does?


Here's how:

Outside the section in the Web.config, add a location tag and configure the required security for the location.

Example:
<location path="Default.aspx">
<system.web>
<authorization>
<allow roles="Users"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

This is all in the main Web.config file, so it does not require a folder per role with its own Web.config for which you want to secure pages, reducing the deployment complexity.

You can specify a directory in the path attribute, which will then apply all settings to that directory. It seems that you can also have nested <location> tags, so you can define a <location> tag for a directory, and then define a <location> tag for each page in the folder, each with its own settings. I think it is brilliant!

I found some details on the subject here. You can find the reference in the MSDN library here.

 

0 Responses to "ASP.Net configure page-level security":

Post a Comment

Subscribe to: Post Comments (Atom)