Here is an article on how to use the authorization tag in Web.config.
As per the MSDN articles, the location/authorization mechanism works on a top-to-down approach: rules are evaluated in the order written, and the first rule that matches the current user decides the outcome. Consider the case where we need to define separate roles for folders in the root directory.
Application Root >> Members (Premium Paid) --- this folder is for users who are registered with the site and have paid for some services; it contains the relevant files or pages.
Application Root >> Admin --- this folder is for the site admin.
Application Root >> Members (Non-paid Members) --- this folder is for users who have not paid for any special service but are still registered with the site for services like newsletters or blogging.
For this case we need to do the following:
1. Implement the same Forms authentication that the ASP.NET Login control uses.
2. Add a location tag for Members (Premium Paid) as:
<location path="Members(Premium Paid)">
  <system.web>
    <authorization>
      <!-- Allow the desired role first -->
      <allow roles="Premium_Paid_Members" />
      <!-- Now deny all users; rules are read top to down, first match wins -->
      <deny users="*" />
      <!-- Never reached: the rule above already matches every user -->
      <deny roles="*" />
    </authorization>
  </system.web>
</location>
3. Add a location tag for Admin as:
<location path="Admin">
  <system.web>
    <authorization>
      <!-- You may add verbs as per the requirement, e.g. verbs="POST" to allow only posting data -->
      <allow roles="Admin" />
      <!-- Now deny all users; rules are read top to down, first match wins -->
      <deny users="*" />
      <!-- Never reached: the rule above already matches every user -->
      <deny roles="*" />
    </authorization>
  </system.web>
</location>
4. Add a location tag for Members (Non-paid Members) as:
<location path="Members (Non-paid Members)">
  <system.web>
    <authorization>
      <allow roles="Members" />
      <!-- Now deny all users; rules are read top to down, first match wins -->
      <deny users="*" />
      <!-- Never reached: the rule above already matches every user -->
      <deny roles="*" />
    </authorization>
  </system.web>
</location>
Conclusion: we must allow the desired roles or users before denying all users and roles on the folder. Because the first matching rule wins, a deny-all placed first would lock out the very role the folder is meant for, so proper access for all folders can only be maintained if the allow rules come first.
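To make the top-to-down, first-match rule concrete, the following is an added example (not code from the original article): a small Python evaluator that parses a constructed Web.config mirroring the three folders above and answers whether a given user may reach a URL. The "Auditors" role, the verbs attribute on it, the user names and the page names are assumptions made for the demonstration; the implicit machine-level allow-all at the end of the rule list is the ASP.NET default.

```python
# Added example, not from the original article: evaluator for the
# top-to-bottom, first-match semantics of ASP.NET <authorization> rules.
import xml.etree.ElementTree as ET

# Constructed Web.config mirroring the article's three folders. The
# "Auditors" role and its verbs attribute are assumptions added to
# exercise the verb check.
WEB_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms" />
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
  <location path="Members(Premium Paid)">
    <system.web>
      <authorization>
        <allow roles="Premium_Paid_Members" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <allow roles="Auditors" verbs="GET" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Members (Non-paid Members)">
    <system.web>
      <authorization>
        <allow roles="Members" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>"""

# Same file with the premium block in the wrong order (deny before allow).
MISORDERED = WEB_CONFIG.replace(
    '<allow roles="Premium_Paid_Members" />\n        <deny users="*" />',
    '<deny users="*" />\n        <allow roles="Premium_Paid_Members" />')
assert MISORDERED != WEB_CONFIG


def _csv(value):
    """Split a comma-separated attribute value; None -> empty list."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]


def _rules_of(container):
    auth = container.find("system.web/authorization")
    return list(auth) if auth is not None else []


def effective_rules(config_xml, url):
    """Ordered rule list consulted for `url`: the most specific matching
    <location> first, then the root <system.web> rules, then the implicit
    machine-level <allow users="*"/> that ASP.NET applies by default."""
    root = ET.fromstring(config_xml)
    path = url.strip("/").lower()
    matched = []
    for loc in root.findall("location"):
        p = loc.get("path", "").strip("/").lower()
        if path == p or path.startswith(p + "/"):
            matched.append((len(p), loc))
    matched.sort(key=lambda item: -item[0])  # deepest path first
    rules = []
    for _, loc in matched:
        rules.extend(_rules_of(loc))
    rules.extend(_rules_of(root))
    rules.append(ET.Element("allow", {"users": "*"}))
    return rules


def rule_matches(rule, user, roles, verb):
    """user=None means anonymous; users '*' = everyone, '?' = anonymous only.
    Roles are compared literally against the roles the user holds."""
    verbs = {v.upper() for v in _csv(rule.get("verbs"))}
    if verbs and verb.upper() not in verbs:
        return False
    for u in _csv(rule.get("users")):
        if u == "*" or (u == "?" and user is None):
            return True
        if user is not None and u.lower() == user.lower():
            return True
    return any(r in roles for r in _csv(rule.get("roles")))


def is_allowed(config_xml, url, user=None, roles=(), verb="GET"):
    """First matching rule wins: True for <allow>, False for <deny>."""
    for rule in effective_rules(config_xml, url):
        if rule_matches(rule, user, set(roles), verb):
            return rule.tag == "allow"
    return True  # not reachable: the implicit allow-all always matches


if __name__ == "__main__":
    print("admin GET /Admin ->", is_allowed(WEB_CONFIG, "/Admin/users.aspx", "alice", ["Admin"]))
    print("auditor POST /Admin ->", is_allowed(WEB_CONFIG, "/Admin/users.aspx", "carol", ["Auditors"], "POST"))
    print("premium member, misordered rules ->",
          is_allowed(MISORDERED, "/Members(Premium Paid)/offers.aspx", "bob", ["Premium_Paid_Members"]))
```

With the rules in the article's order a premium member reaches the premium folder and everyone else is denied; with MISORDERED the deny-all is consulted first, so the premium member is locked out even though an allow rule for their role is present. The evaluator also shows that a rule placed after `<deny users="*" />` is never consulted, which is why the additional `<deny roles="*" />` line changes nothing.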