I am curious whether the order in which you supply the <allow> and <deny> elements in the element does matter?
I am curious whether the order in which you supply the <allow> and <deny>
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am curious whether the order in which you supply the <allow> and <deny> elements in the element does matter?
Yes, the order matters. This page describes the basic principles: http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx. As per the page, a list of authorization rules is built up from the hierarchy of config files and then the first match wins.
This SO question has a nice example: ASP.NET Forms Auth Allowing access to specific file in subdirectory when all others should be denied