Export (0) Print
Expand All
1 out of 11 rated this helpful - Rate this topic

Authorization Tab, ASP.NET Configuration Settings Dialog Box

The Authorization tab of the ASP.NET Configuration Settings dialog box lets you manage authorization rules for the current Web site directory based on user accounts and roles. You can create user accounts and roles by using Microsoft Windows authentication or ASP.NET Forms authentication (ASP.NET membership). You can add, edit, or remove rules for the current Web site directory. Rules are applied to the current subdirectory and all child subdirectories of the current URL unless otherwise overwritten by a configuration file setting in the child subdirectory.

Inherited rules from the Machine.config configuration file and any parent virtual directory also appear, but cannot be edited. To change the effect of inherited rules, you can create new settings at the Web site level. Application settings are always stored as strings.

The settings that you make on the Authorization tab apply to the Web site that you selected before displaying the Properties dialog box.

NoteNote

Configuration settings can be inherited. Settings can be defined in the Machine.config file, which acts as the base configuration for all Web sites on the server. For more information about ASP.NET configuration files, see ASP.NET Configuration File Hierarchy and Inheritance.

To open the Authorization dialog box
  1. In Windows, open Administrative Tools, and then click Internet Information Services (IIS) Manager.

    IIS Manager appears.

  2. Under Internet Information Services, expand Servername (local computer), expand Web Sites, right-click either Websitename or Default Website, and then click Properties.

    The Web Site Properties dialog box appears.

  3. Click the ASP.NET tab, and then click Edit Configuration.

  4. The ASP.NET Configuration Settings dialog box appears.

  5. Click the Authorization tab.

Tasks

Using the Authorization tab, you can do the following:

  • View authorization rules that are defined in all inherited configuration files, including the Machine.config file.

  • Add, edit, and remove authorization rules for the current Web site directory.

Rule Precedence

Authorization rules are applied in order, from top to bottom. In some cases, you might have to create multiple rules for the same folder in order to establish the correct permissions. For example, you might create a rule that denies access to anonymous user accounts and a second rule that denies access to user accounts in the role of Guest. That way, only users who are logged on (users who are not anonymous) and in another group (not Guest) can gain access the folder.

Web.config Settings

The Web.config settings that are managed through the Security tab are the <authorization>, <roleManager>, and <authentication> sections.

The following excerpt from a Web.config file restricts access to a subdirectory of the Web site. Access to the restricted subdirectory is allowed for administrators and for the user named John, and is denied for anonymous users.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <authorization>
            <allow roles="administrators" />
            <allow users="John"/>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>

UI Elements

Inherited authorization rules

Lists the inherited authorization rules that are defined in the Machine.config file or any parent virtual directory, as defined in ASP.NET Configuration File Hierarchy and Inheritance. Inherited settings are italic and inherited settings that you have overridden are bold.

Local authorization rules

Lists the authorization rules that are applied to the current Web site directory and to all its child directories.

Add

Click to open the Edit Rule Dialog Box to create a new rule.

Edit

Click to open the Edit Rule Dialog Box to edit the selected rule.

Remove

Click to delete the selected row from Local authorization rules.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.