Team LiB

Configuring and Securing a Web Application

If you specify a forms element in your Web.config file when using forms authentication, and you do not include the loginUrl attribute, users will automatically be forwarded to the default.aspx page.

If you create a Web.config file in a subfolder with the following definition:

<authorization>
    <allow roles="Doctors"/>
    <deny users="*"/>
</authorization>

only members of the Doctors role will be able to access this folder. However, everyone will still be able to access other folders that do not define their own authorization section. The * wildcard means everyone, and ? means anonymous users.

The following statement denies access to anonymous users:

<deny users="?"/>

The following authorization section allows access to a folder for user1 and user2, and denies access to user3 and user4:

<authorization>
    <allow users="user1, user2"/>
    <deny users="user3, user4"/>
</authorization>
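
The following added example (not from the original text) is a small Python model of how the two authorization sections above are evaluated: rules are read top to bottom and the first matching rule decides. It assumes that the inherited default `<allow users="*"/>` applies when no local rule matches and that names are compared case-insensitively; `is_allowed`, `rule_matches` and the sample users are hypothetical names for this sketch.

```python
import xml.etree.ElementTree as ET

# The two sections shown on this page, plus a reordered variant (constructed).
DOCTORS = '<authorization><allow roles="Doctors"/><deny users="*"/></authorization>'
NAMED = ('<authorization><allow users="user1, user2"/>'
         '<deny users="user3, user4"/></authorization>')
REVERSED = '<authorization><deny users="*"/><allow roles="Doctors"/></authorization>'


def _split(value):
    """Turn a comma-separated attribute value into a set of lowercase names."""
    return {v.strip().lower() for v in (value or "").split(",") if v.strip()}


def rule_matches(rule, user, roles):
    """Return True if an <allow>/<deny> element applies to this caller."""
    users = _split(rule.get("users"))
    if "*" in users:                      # * matches everyone
        return True
    if "?" in users and user is None:     # ? matches anonymous callers only
        return True
    if user is not None and user.lower() in users:
        return True
    return bool(_split(rule.get("roles")) & {r.lower() for r in roles})


def is_allowed(section_xml, user=None, roles=()):
    """Evaluate a section for a caller; user=None models an anonymous request."""
    for rule in ET.fromstring(section_xml):
        if rule.tag in ("allow", "deny") and rule_matches(rule, user, roles):
            return rule.tag == "allow"    # first matching rule wins
    return True                           # assumed inherited <allow users="*"/>


if __name__ == "__main__":
    cases = [
        ("Doctors section, doctor", DOCTORS, "alice", ["Doctors"]),
        ("Doctors section, nurse", DOCTORS, "bob", ["Nurses"]),
        ("Doctors section, anonymous", DOCTORS, None, []),
        ("Named section, user1", NAMED, "user1", []),
        ("Named section, user3", NAMED, "user3", []),
        ("Named section, unlisted user5", NAMED, "user5", []),
        ("Reversed order, doctor", REVERSED, "alice", ["Doctors"]),
    ]
    for label, section, user, roles in cases:
        print(f"{label}: {'allow' if is_allowed(section, user, roles) else 'deny'}")
```

Under these assumptions, the user1/user2 section does not lock out unlisted or anonymous users on its own; ending it with `<deny users="*"/>`, as the Doctors section does, closes that gap. Placing `<deny users="*"/>` first denies everyone, including members of the Doctors role.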

If all users are authenticated in your organization and you want to ensure authorization, you should set up IIS to use Integrated Security.

If you wish to use FileAuthorizationModule, you must use Windows Integrated Security.

