Export (0) Print
Expand All
0 out of 2 rated this helpful - Rate this topic

deny Element for authorization (ASP.NET Settings Schema)

Adds to the mapping of authorization rules an authorization rule that denies access to a resource.

configuration Element (General Settings Schema)
  system.web Element (ASP.NET Settings Schema)
    authorization Element (ASP.NET Settings Schema)
      deny Element for authorization (ASP.NET Settings Schema)
<deny 
  users="comma-separated list of users"
  roles="comma-separated list of roles"
/>

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute

Description

users

Required String attribute.

A comma-separated list of user names that are denied access to the resource. A question mark (?) denies anonymous users and an asterisk (*) indicates that all user accounts are denied access.

roles

Required String attribute.

A comma-separated list of roles that are denied access.

verbs

Optional String attribute.

A comma-separated list of HTTP transmission methods that are granted access to the resource.

Verbs that are registered to ASP.NET are GET, HEAD, POST, and DEBUG.

Child Elements

None.

Parent Elements

Element

Description

configuration

Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications.

system.web

Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave.

authorization

Configures the authorization for a Web application. The authorization element controls client access to URL resources. This element can be declared at any level (machine, site, application, subdirectory, or page).

The deny element adds to the mapping of authorization rules that is stored in the authorization element an authorization rule that denies access to a resource.

The authorization element configures the authorization for a Web application, controlling client access to URL resources. For the required attributes, you can use either the users or roles attribute or both.

At run time, the authorization module iterates through the allow and deny elements, starting at the most local configuration file, until the authorization module finds the first access rule that fits a particular user account. Then, the authorization module grants or denies access to a URL resource depending on whether the first access rule found is an allow or a deny rule. The default authorization rule is <allow users="*"/>. Thus, by default, access is allowed unless configured otherwise.

In order to facilitate deployment, the period (.) shortcut notation for the current computer is supported. This allows you to prefix each user or role with a period-backslash sequence (.\), as follows:

<allow roles=".\roleName"/>
<allow users=".\userName"/>

At run time, the period-backslash (.\) sequences are substituted with "localmachinename\" sequences. The substitution is done only if a Windows identity is being used with the request. This is to avoid conflicts in case the period-backslash (.\) sequences are used in arbitrary roles with custom principals.

Because the authorization element does not represent a collection, there are no clear or remove child elements. To clear the mappings of authorization rules, use the Clear and Remove method that are defined by the AuthorizationRuleCollection class.

The following code example demonstrates how to allow access to all members of the Admins role and deny access to all other user accounts.

<configuration>
  <system.web>
    <authorization>
      <allow roles="admins"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

Configuration section handler

AuthorizationSection

Configuration member

AuthorizationRuleCollection

Configurable locations

Machine.config

Root-level Web.config

Application-level Web.config

Virtual or physical directory–level Web.config

Requirements

Microsoft Internet Information Services (IIS) version 5.0, 5.1, or 6.0

The .NET Framework version 1.0, 1.1, or 2.0

Microsoft Visual Studio 2003 or Visual Studio 2005

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.