AuthorizationSection Class
Assembly: System.Web (in system.web.dll)
The AuthorizationSection class provides a way to programmatically access and modify the authorization section of a configuration file.
This type is part of a group that includes the AuthorizationRule, the AuthorizationRuleCollection, and the AuthorizationRuleAction types.
Note: |
|---|
|
The AuthorizationSection can read and write information from and to the related section of the configuration file according to the section property AllowDefinition whose value is Everywhere. |
The following code example shows how to obtain the AuthorizationSection object from the configuration file of an existing Web application. You can use this object to access its members. The configuration file will contain a setup similar to the following.
Note: |
|---|
|
If you use the credentials section, be sure to follow the guidelines explained at ASP.NET Authentication. For scalability and better security capability, it is recommended that you use an external database to store the users' credentials. For more information about building secure ASP.NET applications, search the Microsoft MSDN Web site (msdn.microsoft.com) for "Securing Your ASP.NET Application" and "Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication." |
<authorization> <allow users="userName" roles="admin" verbs="post" /> <deny users="*" verbs="post"/> </authorization>
// Get the Web application configuration. System.Configuration.Configuration configuration = WebConfigurationManager.OpenWebConfiguration( "/aspnetTest");
System.Configuration.ConfigurationElement
System.Configuration.ConfigurationSection
System.Web.Configuration.AuthorizationSection
Note: