Web.config Authorization Help

  • Thread starter Thread starter Craig
  • Start date Start date
C

Craig

I have a web app where one page should be publicly accessable and another
restricted to a certain local group (integrated windows auth)

How can I do this in a web.config? Can I specify different authorization
settings per file? per folder? (i.e. create an /admin folder for private
content?)

TIA,
Craig
 
Hi,

you can set different authorizations at file and at folder level by using
<location> tag. it is put outside the <system.web> element of the web.config
(if you put it on the same general root web.config file)


<configuration>
....
<!-- Normal config here //-->
<system.web>
....
</system.web>
<!-- Page-specific setting here //-->
<location path="page.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>

This for example grants access for 'page.aspx' for all users despite are
they authenticated or not. If you need to set it for a folder, just replace
the page name with the folder name.
 
Perfect! Thanks for the help...

Teemu Keiski said:
Hi,

you can set different authorizations at file and at folder level by using
<location> tag. it is put outside the <system.web> element of the web.config
(if you put it on the same general root web.config file)


<configuration>
...
<!-- Normal config here //-->
<system.web>
...
</system.web>
<!-- Page-specific setting here //-->
<location path="page.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>

This for example grants access for 'page.aspx' for all users despite are
they authenticated or not. If you need to set it for a folder, just replace
the page name with the folder name.
Click to expand...
 
Back
Top