Home > Developer > .Net Core

Analysis on ASP. net url Authorization

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

ASP. NET authorization

You can use authorization to determine whether a verified user has accessed a specific resource. This authorization process allows us to restrict the user's access permissions by granting or canceling specific permissions that a user can possess. ASP. NET provides two authorization Methods: file authorization and URL Authorization.

1) ASP. NET file authorization. This method takes effect automatically when we use windows authentication. It is based on IIS authentication. When you try to access an ASP. when the NET application is protected, IIS first verifies it, And then ASP.. NET checks NTFS file permissions or ACL to determine whether the user has the permission to access resources.

2) ASP. net url Authorization. If you do not use windows authentication, you can use ASP. net url Authorization. When a user attempts to access a resource, the ASP. net url Authorization Mechanism agrees or rejects the user's access to the resource based on the role assigned to the application and the identity of the application during the ASP. NET authentication process. Using ASP. net url Authorization can do the following:
◆ Deny or allow access to individual users or groups of users.
◆ Deny or allow access to specific roles.
◆ Restrict access based on the type of HTTP action attempted, such as Get or Post.

Example:

 
 
    
  
  
  1. <authorization> 
    2. 
  
  
  2. <allow users="Domain\user1, Domain\user2"/> 
    3. 
  
  
  3. <deny users="*"/> 
    4. 
  
  
  4. </authorization> 
    5.

Reject anonymous user access? Represents anonymous users, * represents any user ):

 
 
    
  
  
  1. <authorization> 
    2. 
  
  
  2. <deny users="?"/> 
    3. 
  
  
  3. </authorization> 
    4.

Only users with the Domain \ Administrators role can access:

 
 
    
  
  
  1. <authorization> 
    2. 
  
  
  2. <allow roles="Domain\Administrators"/> 
    3. 
  
  
  3. <deny users="*"/> 
    4. 
  
  
  4. </authorization> 
    5.

Note that the content in the configuration section is sequentially related. ASP. NET searches for the sub-item of <authorization> until it finds the rule that matches the current user ).

No one can access:

 
 
    
  
  
  1. <authorization> 
    2. 
  
  
  2. <deny users="*"/> 
    3. 
  
  
  3. <allow roles="Domain\Administrators"/> 
    4. 
  
  
  4. <allow users="Domain\user1, Domain\user2"/> 
    5. 
  
  
  5. </authorization> 
    6.

You can use the Verb attribute to restrict HTTP Action Actions ):

 
 
    
  
  
  1. <allow VERB="POST" users="user1, user2" /> 
    2. 
  
  
  2. <deny VERB="POST" users="*" /> 
    3. 
  
  
  3. <allow VERB="GET" users="*" /> 
    4.

The above introduces ASP. net url Authorization

  1. Analysis of Theme functions in ASP. NET development skills
  2. ASP. NET Dynamic Compilation
  3. Analysis on ASP. NET supported by Apache
  4. Introduction to ASP. NET Server standard controls
  5. Analysis on SQL Server Database Backup Recovery in ASP. NET

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
asp net account on computer asp net core on linux asp net hide url in address bar asp net website on linux server host asp net website on linux server asp or asp net asp to asp net
Related Article
asp.net Core Data protection (the data Protection cluster sce...
asp.net core-authorize characteristics
Micro-service Monitoring zipkin+asp.net core
Combine ASP NET Core and SQL Server with Docker Compose
ASP. net mvc creates 404 jump instances (not 302 and 200), mv...
Comparison between Orchard and ABP architectures (aspnetboile...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More