UrlAuthorizationModule.CheckUrlAccessForPrincipal Method (String, IPrincipal, String)


The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Determines whether the user has access to the requested file.

Namespace:   System.Web.Security
Assembly:  System.Web (in System.Web.dll)

[SecurityPermissionAttribute(SecurityAction.Demand, Unrestricted = true)]
public static bool CheckUrlAccessForPrincipal(
	string virtualPath,
	IPrincipal user,
	string verb


Type: System.String

The virtual path to the file.

Type: System.Security.Principal.IPrincipal

An IPrincipal object representing the current user.

Type: System.String

The HTTP verb used to make the request.

Return Value

Type: System.Boolean

true if the current user can access the file; otherwise, false.

Exception Condition

virtualPath is null.

- or -

user is null.

- or -

verb is null.


virtualPath is outside of the application root path.

The CheckUrlAccessForPrincipal method checks to see whether the current user is granted access to the requested file in the Web.config file for the application.

If the HTTP verb used to make the request is GET, POST, or HEAD, the CheckUrlAccessForPrincipal method checks for read access to the file. If any other verb is used, the CheckUrlAccessForPrincipal checks for read/write access to the file.

For more information and an example Web.config file, see the UrlAuthorizationModule class documentation.

.NET Framework
Available since 2.0
Return to top