Setting authorization rules for a particular page or folder in web.config

I have seen so many people asking again and again how to give allow access to particular page to a person or roles. So I thought its good to put this in one place. I will discuss how to configure web.config depending on the scenario.

We will start with a web.config without any authorization and modify it on case by case bassis.

No Authorization

We will start with the root web.config without any authorization.

<configuration>

<system.web>

<authentication mode="Forms">

</authentication> </system.web>

</configuration>

Deny Anonymous user to access entire website

This is the case when you want everybody to login before the can start browsing around your website. i.e. The first thing they will see is a login page.

<system.web>

<authentication mode="Forms">

</authentication>

<authorization>

<deny users="?"/> //will deny anonymous users </authorization>

</system.web>

The above situation is good when user don't have to register themselves but instead their user account is created by some administrator.

Allow access to everyone to a particular page

     Sometimes you want to allow public access to your registeration page and want to restrict access to rest of the site only to logged / authenticated users .i.e. do not allow anonymous access. Say your registration page is called register.aspx in your site's root folder. In the web.config of your website's root folder you need to have following setup.

<configuration>

<system.web>

<authentication mode="Forms"/>

<
authorization> <deny users="?"/>  //this will restrict anonymous user access

</authorization>

</system.web>
<location path="register.aspx"> //path here is path to your register.aspx page e.g. it could be ~/publicpages/register.aspx
<system.web>
<authorization>

<allow users="*"/> // this will allow access to everyone to register.aspx

</authorization>

</system.web>

</location>

</configuration>

Till now we saw either allow users or to authenticated users only. But there could be cases where we want to allow particular user to certain pages but deny everyone else (authenticated as well as anonymous). 

To allow access to particular user only and deny everyone else

      Say you want to give access to user "John" to a particular page e.g. userpersonal.aspx and deny all others the location tag above should look like below:

<location path="userpersonal.aspx">
<system.web>
<authorization>

<allow users="John"/> // allow John ..note: you can have multiple users seperated by comma e.g. John,Mary,etc

<deny users="*"/>  // deny others

</authorization>

</system.web>

</location>

Allow only users in particular Role

Here I am will not show how to setup roles. I assume you have roles managment setup for users. We will see now what needs to be done in web.config to configure authorization for a particular role. e.g You have two roles. Customer and Admin and two folders CustomerFolder and AdminFolder. Users in Admin role can access both folders. Users in Customers role can access only CustomerFolder and not AdminFolder. You will have to add location tags for each folder path as shown below:

<location path="AdminFolder">

<system.web>

<authorization>

<allow roles="Admin"/> //Allows users in Admin role

<deny users="*"/> // deny everyone else

</authorization>

</system.web>

</location>

<location path="CustomerFolder">

<system.web>

<authorization>

<allow roles="Admin, Customers"/> //Allow users in Admin and Customers roles

<deny users="*"/> // Deny rest of all

</authorization>

</system.web>

</location>

Alternate way - using individual web.config for each Folder

Alternative to above mentioned method of using <location../> tag, you can add web.config to each folder and configure authorization accordingly almost similar to one show above but not using location tag. Taking same eg. as above. Add web.config to both the folders - AdminFolder and CustomerFolder.

Web.config in AdminFolder should look like:

<configuration>

<system.web>

<authorization>

<allow roles="Admin"/> //Allows users in Admin role

<deny users="*"/> // deny everyone else

</authorization>
</system.web>

</configuration>

Web.config in CustomerFolder should look like: 

<configuration>

<system.web>

<authorization>

<allow roles="Admin, Customers"/> //Allow users in Admin and Customers roles

<deny users="*"/> // Deny rest of all

</authorization>
</system.web>

</configuration>

Images and CSS files

Say you have all your images and CSS in a seperate folder called images and you are denying anonymous access to your website. In that case you might see that on your login page you cannot see images(if any) and css(if any) applied to your login page controls.

In that case you can add a web.config to the images and css folder and allow access to everyone to that folder. So your web.config in images folder should look as below:

<configuration>

<system.web>
<authorization>

<allow users="*"/> //Allow everyone

</authorization>

</system.web>

</configuration>

Common Mistakes

I have seen people complaining that they have setup their roles correctly and also made entry to their web.config but still their authorization doesn't work. Even they have allowed access to their role that user cannot access particular page/folder. The common reason for that is placing <deny../> before <allow ../>.

Say the web.config from AdminFolder as we have seen before is something like this:

//This web.config will not allow access to users even they are in Admin Role 

<configuration>

<system.web>

<authorization>

<deny users="*"/> // deny everyone else

<allow roles="Admin"/> //Allows users in Admin role

</authorization>

</system.web>

</configuration>

Since the authorization is done from top to bottom, rules are checked until a match is found. Here we have <deny users="*"/> first and so it will not check for allow any more and deny access even if in Admin role.

So PUT all allows BEFORE ANY deny.

NOTE: deny works the same way as allow. You can deny particular roles or users as per your requirement. 

Update: Issue with IIS 7

With IIS 7 you will have to give access to IUSR Anonymous user account to your folder that contains your css or images files. Check resource below.

I hope this will answer some of the question regarding how to authorize pages / folders(directories).

Comments welcome.

Resources

Published Monday, September 29, 2008 1:50 PM by guru_sarkar

Comments

# re: Setting authorization rules for a particular page or folder in web.config

Monday, February 9, 2009 12:55 AM by S.Mahathi

good article,very helpful

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, February 12, 2009 5:00 AM by Majid

Its a very useful article. It have resolved all type of ambiguities.

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, February 18, 2009 9:32 PM by sio2y

Clean concise and best of all .... it works!

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, March 17, 2009 1:33 PM by ctrlaltdl

Great article, but I'm still confused about one thing.

How do I allow access to everyone except the one group?

This doesn't seem to work for me.

       <deny users="Sales"/>

       <allow users="*"/>

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, March 17, 2009 2:48 PM by ctrlaltdl

I figured it out.  I put deny first and change users to roles and added the domain name.

       <deny roles="DOMAIN\Sales"/>

       <allow users="*"/>

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, March 26, 2009 12:36 PM by M Hooge

I use a different web.config for each folder with special access. For those who are denied access, how can I redirect them to a different page?

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, March 26, 2009 4:15 PM by guru_sarkar

Hi M Hooge,

Check this: www.asp.net/.../tutorial-07-vb.aspx

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, May 19, 2009 10:30 AM by mgonzales3

multiple domains requires a better solution.  if app is accessed by more than one domain we shouldn't need dom1\Accounting, dom2\Accounting, dom3\Accounting.

# re: Setting authorization rules for a particular page or folder in web.config

Friday, May 29, 2009 7:05 PM by M E

Nice post.  Thanks.  Is it possible to store and maintain users, roles, page paths, passwords, etc., in a central location or database?

# re: Setting authorization rules for a particular page or folder in web.config

Monday, June 1, 2009 1:10 PM by guru_sarkar

Hi M E,

Yes it is possible to do what you are asking.

Check here: www.asp.net/.../security

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, August 18, 2009 10:11 AM by NitinSawant

thanks

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, September 23, 2009 6:05 AM by Subhra

Boss the below section denies for all users. Don't know for what reasons, tried much.

I am getting user validated and should not be authorised but its actually denying all.

see if you can sight any reasons.

<location path="userpersonal.aspx">

<system.web>

<authorization>

<allow users="John"/> // allow John ..note: you can have multiple users seperated by comma e.g. John,Mary,etc

<deny users="*"/>  // deny others

</authorization>

</system.web>

</location>

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, September 23, 2009 3:03 PM by guru_sarkar

Subhra,

The settings you are pointing to  should allow user who is logged-in with username "John" and deny rest.

Make sure user 'John' is in fact authenticated.

May be you might want to provide  more details.

# re: Setting authorization rules for a particular page or folder in web.config

Sunday, September 27, 2009 3:51 PM by sukumarraju

Hi Guru

It is very helpful article. Can I know how you managed to get source code in blog? When i tried using Live writer, i could not figure out the any tool to publish source code. It simply publishing as Text.

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, October 1, 2009 5:03 PM by guru_sarkar

sukumarraju,

I think I just copy-pasted from VS source code file and the colors etc. was taken up by editor. I don't remember of using any tool like they have on asp.net Forums site.

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, December 1, 2009 12:21 PM by vision

thanx

# re: Setting authorization rules for a particular page or folder in web.config

Friday, January 22, 2010 9:57 AM by Deângelo

Very usefull this blog, tnks.

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, January 28, 2010 1:09 AM by sachinr_33

Much needed article

# re: Setting authorization rules for a particular page or folder in web.config

Sunday, April 11, 2010 9:59 AM by Nimrod

Great article, this doesn't work with Firefox using IIS 7.5

# re: Setting authorization rules for a particular page or folder in web.config

Monday, April 12, 2010 11:21 AM by guru_sarkar

Nimrod,

Can you provide more info on that...as there should be something else going on and not the configurations in web.config....

# re: Setting authorization rules for a particular page or folder in web.config

Monday, April 12, 2010 1:04 PM by Viswas

The articles is very good , easily understandable and very useful.

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, June 29, 2010 9:44 AM by james

excellent piece.. short concise and to the point.. thanks

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, July 15, 2010 4:58 AM by Lax

Thanks for such a useful article.

# re: Setting authorization rules for a particular page or folder in web.config

Saturday, November 20, 2010 3:55 PM by Sudarsan

Great.  Images and CSS not getting applied is solved after reading and understanding the article. Also, how to configure various users and roles based authorization is clearly explained.  Thank you for the article.

Sudar

# re: Setting authorization rules for a particular page or folder in web.config

Monday, January 3, 2011 2:06 AM by Sumit Bhatnagar

The article is concise but covers the topic in great detail. It's like a one-stop-shop article. Helped me a lot. Thanks. Expecting more such CONCISE articles.

# re: Setting authorization rules for a particular page or folder in web.config

Sunday, February 6, 2011 11:41 PM by rahul

This Is very useful artical for making authentication................thanks

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, March 23, 2011 12:26 PM by Camilo

Excellent article, just what I needed. Thank you so much!

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, March 24, 2011 2:25 PM by MJ

The articles is very good , easily understandable and very useful.

# re: Setting authorization rules for a particular page or folder in web.config

Friday, March 25, 2011 12:10 PM by Sergio Aparicio

muy buen aporte ,me sirvio de gran ayuda

excelente

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, May 4, 2011 8:29 AM by Felix

Great Post!

Thanks and best regards!

# re: Setting authorization rules for a particular page or folder in web.config

Sunday, May 22, 2011 11:22 PM by weblogs.asp.net

Setting authorization rules for a particular page or folder in web config.. Outstanding :)

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, June 16, 2011 6:51 AM by urac12

I've putted my pages authorization in main web.config file but its not working,

i've 1 page inside Forms folder which is Test.aspx

in my root web.config before </configuration> i've putted the below tag

 <location path="~/Forms/Test.aspx">

   <system.web>

     <authorization>

       <deny users="*"/>

       <allow users="admin"/>

     </authorization>

   </system.web>

 </location>

i've 2 users admin and user, on Test.aspx when i select View in Browser it shows me Login page which is correct but when i login through any account admin/user it is showing me Test.aspx which is wrong, Test.aspx should only be seen by admin

can anyone please tell me what i am missing here

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, June 16, 2011 12:41 PM by guru_sarkar

urac12,

Have you configured the forms authentication correctly? Because with your current setting I see it will deny everyone to view Test.aspx.

And your authorization order should be like this:

<authorization>

   <allow users="admin"/>

   <deny users="*"/>

</authorization>

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, June 30, 2011 2:48 PM by DB

Thank you so much for this!  I've been trying to figure out how to do individual security and I'd find a partial example with the <location> then an example with the separate web.config.  I couldn't figure out which was right.  :)  Thanks to you, I now know they are both different ways of doing it.  That's the biggest problem I have with microsoft....many ways to do one thing and rarely does one bother to compare them.

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, July 13, 2011 2:10 PM by basam nath

Great Article..

Thanks

# re: Setting authorization rules for a particular page or folder in web.config

Sunday, July 17, 2011 10:26 AM by sudeep_13

very helpful indeed

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, August 17, 2011 2:32 AM by sunita

thanks...it helped me lot.

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, August 18, 2011 2:10 PM by Sergio

Hi,

We have two name groups like BB Staff or IS Group. allow/deny doesn't seem to work with spaces.

Is there a way to substitute spaces?

Thanks

p.s. Great article

# re: Setting authorization rules for a particular page or folder in web.config

Friday, August 19, 2011 11:59 AM by guru_sarkar

Sergio,

I never came across that but quick search gave this: forums.asp.net/.../1

Let me know if that doesn't help and I will do some testing.

# re: Setting authorization rules for a particular page or folder in web.config

Monday, September 5, 2011 9:29 AM by rboerdijk

Great article - especially your tip about the 'allow/deny'-order - thanks!

# re: Setting authorization rules for a particular page or folder in web.config

Monday, September 19, 2011 7:43 AM by Saeed Neamati

This is very helpful. It prevents you from creating a highly complex, nested file system structure in order to apply different configuration settings on the content on that folder. However, I still don't know whether we can use a location element for "2" files or not. For example, can we have something like this:

<location path='register.aspx, ~/en/eula.aspx'>

# re: Setting authorization rules for a particular page or folder in web.config

Monday, September 19, 2011 12:26 PM by guru_sarkar

Saeed Neamati,

No you can't used multiple locations in path. The best way is to put the files in one folder(if feasible) otherwise you will have to add separate location element for each path.

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, November 1, 2011 5:32 PM by Raj

In webservice web.config the following gives an error as shown below.

<authorization>

   <allow roles="Domain\AD-group-name"/>

   <deny users="*"/>

</authorization>

-----------

Error:-

Access is denied.

Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.

Error message 401.2.: You do not have permission to view this directory or page using the credentials you supplied.

----------

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, November 2, 2011 6:09 AM by AbdulAR

Very good article.

# re: Setting authorization rules for a particular page or folder in web.config

Saturday, November 19, 2011 6:56 PM by Nebert

You simplified the stuff than anyone out there

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, January 5, 2012 8:19 PM by Barry

Thank you for a great lesson!  Very well written.

My problem is, I can enter into a browser the full url of an Adobe Acrobat *.pdf located in a "protected" directory, and the file will come right up?

How can I use the deny anonymous user command to prevent this?

Thanks in advance.

I am trying to create a simple

# re: Setting authorization rules for a particular page or folder in web.config

Friday, January 6, 2012 3:51 AM by AL

Thanks for this article. very helpful. More power

# re: Setting authorization rules for a particular page or folder in web.config

Monday, January 9, 2012 2:38 AM by Ashraf Morad

Great article thanks

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, January 12, 2012 9:14 PM by Ashok kumar

Very good article but I have to check for all condition.

# re: Setting authorization rules for a particular page or folder in web.config

Monday, January 23, 2012 1:28 PM by guru_sarkar

@Barry

.pdf files will not be secured via these setting unless you tell IIS to treat them as .aspx files. Search for "Securing non-asp.net files" and you should get good articles.

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, February 8, 2012 5:42 AM by James

access deny! i think login page is needed in other to type the user "john". nice article thanks.

# re: Setting authorization rules for a particular page or folder in web.config

Saturday, March 24, 2012 6:23 AM by Krishna

Hiii This is Krishna... Ur Answers which are Multiple for "Setting authorization rules for a particular page or folder in web.config" is Very much useful in my projects...

Thanks Alot....

U r Great...?

Plz dont quit posting...!!!

# re: Setting authorization rules for a particular page or folder in web.config

Sunday, April 1, 2012 5:47 AM by Stan

Excellent article!

# re: Setting authorization rules for a particular page or folder in web.config

Monday, April 2, 2012 2:20 AM by rupinder

nice work , it really helped me lot

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, April 4, 2012 9:32 PM by MrEd

Great article, save my life today :)

thanks....

# re: Setting authorization rules for a particular page or folder in web.config

Friday, April 27, 2012 4:12 AM by sanchita

gr8 artical thanx.......

# re: Setting authorization rules for a particular page or folder in web.config

Monday, May 21, 2012 8:17 AM by Zeni

Very helpful, thank you for the article.

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, July 26, 2012 11:23 PM by neeraj bhushan

very helpful any beginner would be looking for such a thing/information. Thanks

# re: Setting authorization rules for a particular page or folder in web.config

Monday, September 10, 2012 6:38 AM by r-a-l-p-h

after i create all of this code in different folder , my question Sir Sarkar is

how can i add the user in their Roles who successfully logged in in my site

ex. User:      Robert

   Password:  Guest

how can i add Robert to Guest Roles can to restrict or access admin folder ones he logged in ? I use Visual Basic.

Thanks Sir.

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, October 18, 2012 1:29 AM by sonal

Very nice article and too good description.

Solved my issue. Thanks a lot!!!!

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, November 22, 2012 5:08 PM by Shanmuk

Great article.I ahd one requirement.My Web app uses windows authentication and uploads file to server.

The uploaded files are to saved to different directories based on username.How can i restrict a user to upload files only to one particular container by changing settings in web.config.

Please help me in this scenario

My mail id is bshanmukeshwar@live.com

# re: Setting authorization rules for a particular page or folder in web.config

Monday, January 7, 2013 3:49 PM by Caolong

I have a folder called reports with sub folders. Each folder has a webconfig file which specifies user access. This webconfig work on my local machine but not the server. Any ideas?

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, January 8, 2013 6:25 PM by guru_sarkar

Caolong,

What kind of authentication and authorization are you using? If you are using built-in membership and roles providers make sure they are properly configured.

# re: Setting authorization rules for a particular page or folder in web.config

Friday, February 1, 2013 12:51 PM by Dinesh Gupta

Great888!!!!!!  :)

I was confused since last 2 years..........now feeling good :)

Thanks!

# re: Setting authorization rules for a particular page or folder in web.config

Sunday, February 17, 2013 8:36 AM by naji

thanks.

Is it possible to define 1 user in web.config and allow him to a specific folder like admin?

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, February 27, 2013 12:53 PM by guru_sarkar

naji,

yes...There's one example above.

# re: Setting authorization rules for a particular page or folder in web.config

Friday, May 17, 2013 11:38 AM by Joe Weber

I have a set of folders where I have

       <allow users="domain\user1, domain\user2, domain\user3, domain\user4" />

           <deny users="*" />

This works perfectly.  But I copied the entire set of folders and files to the same server but the access fails with a 401-unauthorized error.  What am I missing?

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, May 23, 2013 11:26 AM by guru_sarkar

Joe,

With forms authentication I believe you should be redirected to your login page ideally.

Is the access denied to the user1, etc. or to some other asp.net Network/Service account?

# re: Setting authorization rules for a particular page or folder in web.config

Monday, May 27, 2013 8:51 AM by Santosh Biradar

Ultimate article... Is it possible to show how to assign the roles to each user when they log in ?

# re: Setting authorization rules for a particular page or folder in web.config

Monday, May 27, 2013 12:50 PM by jcanez

hi, how the system knows which role the user who is accessing it?

how to manage the roles?

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, May 28, 2013 5:19 PM by guru_sarkar

Santosh,

Do you mean brand new roles when a user is created or retrieving roles upon login?

Refer this tutorial: www.asp.net/.../creating-and-managing-roles-cs

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, May 28, 2013 5:20 PM by guru_sarkar

jcanez,

Please check this tutorial: www.asp.net/.../creating-and-managing-roles-cs

Also check this video: www.asp.net/.../how-do-i-secure-my-site-using-membership-and-roles

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, June 27, 2013 2:34 PM by Carlos

You have saved my day!

Thanks!

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, July 3, 2013 2:24 AM by Shraddha

Please tell me how can I add these tags from code behind.

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, July 3, 2013 12:38 PM by guru_sarkar

Shraddha,

Check these:

weblogs.asp.net/.../changing-user-password-in-web-config.aspx

stackoverflow.com/.../modify-web-config-via-c-sharp-insert-above-a-particular-line

# re: Setting authorization rules for a particular page or folder in web.config

Monday, August 5, 2013 12:32 PM by Ron

Thanks a ton - appreciate the great detail and this helped me fix my issue!

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, October 8, 2013 9:22 PM by Kevin

I have Default.aspx and web.config in root folder.

I added these lines in the web.config:

<system.web>

  <authentication mode="Forms">

     <forms loginUrl="~/account/login" timeout="2880" path="/" />

  </authentication>

  <authorization>

   <deny users="?" />

 </authorization>

</system.web>

<location path="Default.aspx">

 <system.web>

   <authorization>

     <allow users="*" />

   </authorization>

 </system.web>

</location>    

I did exactly as shown in the article. However, when i navigated to Default.aspx --> I was taken to the login page. It's denying access. Any idea what i did wrong there?

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, October 10, 2013 6:11 PM by guru_sarkar

Kevin,

I don't see anything wrong in the settings. Is that an asp.net MVC app?

# re: Setting authorization rules for a particular page or folder in web.config

Friday, March 14, 2014 2:41 PM by Matt

So frustrating! I had deny BEFORE allow and spent a day beating my head against a wall before I figured it out.

# re: Setting authorization rules for a particular page or folder in web.config

Wednesday, April 2, 2014 3:21 PM by MR

Yousay "put all allows before deny, but that is WRONG.  You need to have any <deny users="?" /> first before allows (even if at a higher level) or you won't even have the user authenticated.  And there are good reasons to have a deny first.  Say you want to deny one specific group, but then allow anyone else.  Since it processes in order until a match is found you NEED the deny before the allow or a user that falls in both groups would be allowed in, even if you are trying to deny everyone in a certain group and they belong to that group.

# re: Setting authorization rules for a particular page or folder in web.config

Tuesday, April 8, 2014 2:34 AM by Girish C S

How can i check this in c# code?

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, April 10, 2014 12:51 PM by guru_sarkar

MR,

That's a general rule based on how the rules are scanned from top to bottom. But if putting deny first in your case makes sense, you can use it.

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, April 10, 2014 12:52 PM by guru_sarkar

@Girish,

What exactly you want to check in C# code? You can check Request.IsAuthenticated to check is user is authenticated. You can use User.IsInRole or built-in asp.net Roles.IsUserInRole fro checking authorization.

# re: Setting authorization rules for a particular page or folder in web.config

Thursday, April 17, 2014 3:42 PM by Tim

God bless you. I have struggled with this for two days.

Leave a Comment

(required) 
(required) 
(optional)
(required)