Authorization Tab, ASP.NET Configuration Settings Dialog Box

The Authorization tab of the ASP.NET Configuration Settings dialog box lets you manage authorization rules for the current Web site directory based on user accounts and roles. You can create user accounts and roles by using Microsoft Windows authentication or ASP.NET Forms authentication (ASP.NET membership). You can add, edit, or remove rules for the current Web site directory. Rules are applied to the current subdirectory and all child subdirectories of the current URL unless otherwise overwritten by a configuration file setting in the child subdirectory.

Note

The MMC snap-in for ASP.NET works with IIS 6.0 or earlier. The IIS 7.0 administration tool includes the functionality of the ASP.NET MMC tool. For more information, see ASP.NET and IIS Configuration.

Inherited rules from the Machine.config configuration file and any parent virtual directory also appear, but cannot be edited. To change the effect of inherited rules, you can create new settings at the Web site level. Application settings are always stored as strings.

The settings that you make on the Authorization tab apply to the Web site that you selected before displaying the Properties dialog box.

Note

Configuration settings can be inherited. Settings can be defined in the Machine.config file, which acts as the base configuration for all Web sites on the server. For more information about ASP.NET configuration files, see ASP.NET Configuration File Hierarchy and Inheritance.

For information about ASP.NET Configuration Settings, see ASP.NET Configuration Overview

To open the Authorization dialog box

  1. In Windows, open Administrative Tools, and then click Internet Information Services (IIS) Manager.

    IIS Manager appears.

  2. Under Internet Information Services, expand Servername (local computer), expand Web Sites, right-click either Websitename or Default Website, and then click Properties.

    The Web Site Properties dialog box appears.

  3. Click the ASP.NET tab, and then click Edit Configuration.

  4. The ASP.NET Configuration Settings dialog box appears.

  5. Click the Authorization tab.

Tasks

The Authorization tab lets you complete the following tasks:

  • View authorization rules that are defined in all inherited configuration files, including the Machine.config file.

  • Add, edit, and remove authorization rules for the current Web site directory.

Rule Precedence

Authorization rules are applied in order, from top to bottom. In some cases, you might have to create multiple rules for the same folder in order to establish the correct permissions. For example, you might create a rule that denies access to anonymous user accounts and a second rule that denies access to user accounts in the role of Guest. That way, only users who are logged on (users who are not anonymous) and in another group (not Guest) can gain access the folder.

Web.config Settings

The Web.config settings that are managed through the Security tab are the authorization, roleManager, and authentication sections.

The following excerpt from a Web.config file restricts access to a subdirectory of the Web site. Access to the restricted subdirectory is allowed for administrators and for the user named John, and is denied for anonymous users.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <authorization>
            <allow roles="administrators" />
            <allow users="John"/>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>

UI Elements

  • Inherited authorization rules
    Lists the inherited authorization rules that are defined in the Machine.config file or any parent virtual directory, as defined in ASP.NET Configuration File Hierarchy and Inheritance. Inherited settings are italic and inherited settings that you have overridden are bold.

  • Local authorization rules
    Lists the authorization rules that are applied to the current Web site directory and to all its child directories.

  • Add
    Click to open the Edit Rule Dialog Box to create a new rule.

  • Edit
    Click to open the Edit Rule Dialog Box to edit the selected rule.

  • Remove
    Click to delete the selected row from Local authorization rules.

See Also

Tasks

How to: Access ASP.NET Configuration Settings Programmatically

Reference

Authentication Tab, ASP.NET Configuration Settings Dialog Box

Locations Tab, ASP.NET Configuration Settings Dialog Box

connectionStrings Element (ASP.NET Settings Schema)

appSettings Element (General Settings Schema)

Concepts

ASP.NET Configuration Overview

Other Resources

MMC Snap-In for ASP.NET