ASP. NET authorization
You can use authorization to determine whether a verified user has accessed a specific resource. This authorization process allows us to restrict the user's access permissions by granting or canceling specific permissions that a user can possess. ASP. NET provides two authorization Methods: file authorization and URL Authorization.
1) ASP. NET file authorization. This method takes effect automatically when we use windows authentication. It is based on IIS authentication. When you try to access an ASP. when the NET application is protected, IIS first verifies it, And then ASP.. NET checks NTFS file permissions or ACL to determine whether the user has the permission to access resources.
2) ASP. net url Authorization. If you do not use windows authentication, you can use ASP. net url Authorization. When a user attempts to access a resource, the ASP. net url Authorization Mechanism agrees or rejects the user's access to the resource based on the role assigned to the application and the identity of the application during the ASP. NET authentication process. Using ASP. net url Authorization can do the following:
◆ Deny or allow access to individual users or groups of users.
◆ Deny or allow access to specific roles.
◆ Restrict access based on the type of HTTP action attempted, such as Get or Post.
Example:
- <authorization>
- <allow users="Domain\user1, Domain\user2"/>
- <deny users="*"/>
- </authorization>
Reject anonymous user access? Represents anonymous users, * represents any user ):
- <authorization>
- <deny users="?"/>
- </authorization>
Only users with the Domain \ Administrators role can access:
- <authorization>
- <allow roles="Domain\Administrators"/>
- <deny users="*"/>
- </authorization>
Note that the content in the configuration section is sequentially related. ASP. NET searches for the sub-item of <authorization> until it finds the rule that matches the current user ).
No one can access:
- <authorization>
- <deny users="*"/>
- <allow roles="Domain\Administrators"/>
- <allow users="Domain\user1, Domain\user2"/>
- </authorization>
You can use the Verb attribute to restrict HTTP Action Actions ):
- <allow VERB="POST" users="user1, user2" />
- <deny VERB="POST" users="*" />
- <allow VERB="GET" users="*" />
The above introduces ASP. net url Authorization
- Analysis of Theme functions in ASP. NET development skills
- ASP. NET Dynamic Compilation
- Analysis on ASP. NET supported by Apache
- Introduction to ASP. NET Server standard controls
- Analysis on SQL Server Database Backup Recovery in ASP. NET