<authentication mode="Windows"/>
<authorization>
<allow users="USERS"/>
<allow roles="ROLES"/>
<deny users="*"/>
</authorization>
Is there a way to write an if statement in here to detect what url I am on so I can allow a certain role for that certain URL.
Example code in my head of what I kind of want to see:
If (UCase(Url) = UCase("URL")) Then
<allow roles="ROLES"/>
ElseIF(UCase(Url) = UCase("URL")) Then
<allow roles="ROLES"/>
ElseIF (UCase(Url) = UCase("URL")) Then
<allow roles="ROLES"/>
End If
<deny users="*"/>
Is this even allowed in the web.config? If it isn’t how could I go about doing this?
I have 3 websites. One for Dev, UAT and PROD. Now for each sites I have different user groups for each set up. I just want to find a way that I can just find what URL i’m at and point it at the certain user group. I’m guessing I have to make a web.config for each because you can’t do conditional statements but I’m just making sure. If I have to make a web.config for each how can I go about setting that up?
Edit (changed the whole answer as I think your issue is now different)
Your best option is to have different configuration settings in each web.config which is what web.config files are for. You might have to look at your deployment process if you deploy the web.config each time (either manually or automatically).
Another option would be to instead have your application do the authorisation by knowing what environment it is running in and denying access using code. That path is obviously more work than something that has already been provided, but is an option.