Specifies that access to a resource is denied.
<deny users="comma-separated list of users" roles="comma-separated list of roles"/>
|Users||A comma-separated list of user names that are denied access to the resource. A question mark (?) denies anonymous users and an asterisk (*) indicates that all users are denied access.|
|Roles||A comma-separated list of roles that are denied access.|
At run time, the authorization module iterates through the <allow> and <deny> tags until it finds the first access rule that fits a particular user. It then grants or denies access to a URL resource depending on whether the first access rule found is an <allow> or a <deny> rule. The default authorization rule in the Machine.config file is <allow users="*"/> so, by default, access is allowed unless configured otherwise.
The following example allows access to all members of the
Admins role and denies access to all users.
<configuration> <system.web> <authorization> <allow roles="Admins"/> <deny users="*"/> </authorization> </system.web> </configuration>
Contained Within: <system.web>
Web Platform: IIS 5.0, IIS 5.1, IIS 6.0
Configuration File: Machine.config, Web.config
Configuration Section Handler: System.Web.Configuration.CustomErrorsConfigHandler