I wish to block access to all non registered users, So, wouldnt the following

Question

0

Editorial Team

Asked: June 7, 20262026-06-07T01:48:07+00:00 2026-06-07T01:48:07+00:00

I wish to block access to all non registered users, So, wouldnt the following

0

I wish to block access to all non registered users,

So, wouldnt the following work?

<authorization>
      <deny users="?" />
</authorization>

But, I have seen many users using the <allow> tag as well with the deny, tag. Why we need to write <allow> since we just deny the unwanted users?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-07T01:48:12+00:00

It doesn’t hurt to have an allow element. But it won’t change anything.

From MSDN:

The default configuration for ASP.NET contains an
element, which authorizes all users. (By default, this rule is applied
last.) If no other authorization rules match, the request is allowed.
If a match is found and the match is a deny element, the request is
returned with the 401 HTTP status code. If an allow element matches,
the module allows the request to be processed further.

Edit: To answer your question below. What you probably want is:

<authorization>
      <allow role="Admin"/>
      <deny users="*" />
</authorization>

In other words. Allow admins but deny EVERYONE else.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I wish to block access to all non registered users, So, wouldnt the following

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply