top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

what is authorization in asp.net?

+1 vote
53 views

and authorization rules in web.config to allow or deny resources to particular user or role in asp.net.

posted Dec 16, 2014 by Sathaybama

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

0 votes

Authorization is process of allowing or denying particular resources to user or role in asp.net.

We will discuss this topic with example first create new website and check everything with examples

Once we create website open web.config file and check how it would be if you observe in configuration section under system.web section we are able to see only authentication mode there is no authorization mode exists that would be just like this

 <configuration>
 <system.web>
 <!--
 The <authentication> section enables configuration
 of the security authentication mode used by
 ASP.NET to identify an incoming user.
 -->
<authentication mode="Windows" />
</system.web>
</configuration>

Here we need to Change authentication mode to Forms to implement authorization concept in web.config file. After change authentication mode we need to add authorization in system.web section to implement our custom requirements like allow or deny resources to particular user / role.

Now we will start with section like deny anonymous user’s access to website i.e. the persons whoever login into our website only those are able to access application.

 <configuration>
 <system.web>
 <authentication mode="Forms">
 </authentication>
 <authorization>
 <deny users="?"/><!--will deny anonymous users-->
 </authorization>
 </system.web>
 </configuration>

(Note: The above situation is used whenever user’s accounts created by some administrator to access the application.)

In some situations we will get requirement like we need to allow users to access the particular page and restrict other pages access only to logged/authenticated users.

Example: I have website now I want to allow all users to access only Registration page to register in website and allow only logged / authenticated users to access remaining pages in website.

In this situation we need to write the code like this

 <configuration>
 <system.web>
 <authentication mode="Forms"/>
 <authorization>
 <deny users="?"/>  <!--This will restrict anonymous user access-->
 </authorization>
 </system.web>
 <location path="Registration.aspx"> <!-- Path of your Registration.aspx page -->
 <system.web>
 <authorization>
 <allow users="*"/> <!-- This will allow users to access to everyone to Registeration.aspx-->
 </authorization>
 </system.web>
 </location>
 </configuration>

Here location path should be your page path my page exists in root folder of application that’s why I given direct path if your page exists in another folder we need to change location path should be like this ~/UserDetails/Registration.aspx.

answer Dec 23, 2014 by Shivaranjini
...