Online reference for ASP.NET security?

Printable View

Mar 2nd, 2004, 12:27 PM
wey97

Online reference for ASP.NET security?

Is there a good online reference for setting up ASP.NET security?

I've modified the web.config file of my application like so:

Code:

<authentication mode="Windows" /> <authorization> <deny users="?" />  <allow users="my_domain\my_username" /> </authorization>

This seems to have no effect because other users besides me can still access the application.
Mar 3rd, 2004, 10:25 AM
wey97

This works.

PHP Code:

<authentication mode="Windows" /> <authorization> <allow users="my_domain\\my_username" /> <deny users="*" /> </authorization>

I thought the <deny users="*" /> would override the rest but if <allow users="whoever" /> is listed first it overrides the next.

I've found the best thing to do is put <deny users="*" /> in machine.config then allow whatever permissions in the web.config of each individual app.

Hope this helps.

All times are GMT -5. The time now is 10:49 AM.