locked
about web.config and set authorization by roles RRS feed

  • Question

  • User1366894300 posted

    I have this web.config file and file named CheckOut.aspx in the same folder.

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <system.web>
        <authorization>
          <allow roles="operator" />
          <allow roles="administrator" />
          <deny users="?" />
        </authorization>
      </system.web>
    </configuration>

    When I try to access CheckOut without being logged in I'm redirected to my login page.If I for example assign role administrator to my user name tony and try again without being logged in I'm still redirected to my login page.
    Is that how it works. I thought that if I have the role administrator I could access the page CheckOut without being looged in.

    So can somebody explain what rules is existen for access the page CheckOut ?


    //tony

    Friday, April 4, 2014 10:17 AM

Answers

  • User724169276 posted

    Tojo

    Is that how it works. I thought that if I have the role administrator I could access the page CheckOut without being looged in.

    Hello Tojo,

    authorization doesnt work like how you expected here.the word <deny users="?" /> means deny or disallow anonymous users ,so if you are not logged in it will redirect you back to login page.Before proper authentication you cant expect to utilise the authorization for role based access of pages.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, April 5, 2014 12:44 AM

All replies