I am building an ASP.NET 3.5 Web Application and I am NOT using the

Question

0

Asked: May 13, 20262026-05-13T09:40:18+00:00 2026-05-13T09:40:18+00:00

I am building an ASP.NET 3.5 Web Application and I am NOT using the

0

I am building an ASP.NET 3.5 Web Application and I am NOT using the membership provider for security. In the application I have a role named Admin and all the files for this role are inside the Security folder in the project. Currently for all the pages inside the security folder I am checking to see if the logged in user’s role is an Admin or not. This to me seems very redundant, can do something like “If the user is requesting a page inside the security folder then check his role”. Is this possible?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-13T09:40:18+00:00

Editorial Team

2026-05-13T09:40:18+00:00Added an answer on May 13, 2026 at 9:40 am

You can place a separate web.config file in the Security folder that will deny access to every request to that folder if the user isn’t in the Admin role.

Here’s a quick walkthrough.

It would basically look like this:

<location path="Security">
 <system.web>
  <authorization>
   <allow roles="Admin"/>
   <deny users="*"/>
  </authorization>
 </system.web>
</location>

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am building an ASP.NET 3.5 Web Application and I am NOT using the

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply