I’m looking to create a web.config file and I’m a little confused about which order the tags go in. I have 2 roles: testers and previewers.
Here’s what I’m looking to do:
1) use the forms authentication tag with url “Login.aspx”
2) use the location tag to say that the directories /AppPages and /AppServices are only accessible to testers (i.e. deny *, ?, previewers and allow authenticated testers only, deny everyone else)
3) use the location tag to say that the directories /Scripts and /Styles are only accessible to testers and previewers and deny everyone else
4) how do I make it so that all previewers who attempt to look into the /AppPages or /AppServices pages get rerouted to a custom page?
I have the following web.config file:
<configuration>
  <connectionStrings>
    ...............
  </connectionStrings>
  <system.web>
    <roleManager enabled="true"/>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH">
      </forms>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <location path="AppPages"> <!-- same for AppServices -->
    <system.web>
      <authorization>
        <deny users="*" />
        <deny users="?"/>
        <allow roles="tester" />
        <deny roles="previewers" />
      </authorization>
    </system.web>
  </location>
  <location path="Scripts"> <!-- same for Styles -->
    <system.web>
      <authorization>
        <allow roles="previewers" />
        <allow roles="tester" />
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>
What I’m looking to do is have all users be redirected to the preview page and if the user is logged in as a tester then he’ll be able to move on to the app pages while previewers will not.
Thanks for your suggestions.
About different login pages… As far as I know there’s no direct, simple way to do this in ASP.NET. There’s just a variety of paths you can take to achieve it 🙂 Here’s a post that outlines a fairly simple solution: http://forums.asp.net/t/1348477.aspx
As far as the authorization rules go, it’s kind of like a switch statement with breaks. The first rule that applies to the current user’s state when accessing the site is the one applied, and it stops processing any more… So for example this
should probably go
otherwise that first line will just deny everyone no matter what.
http://msdn.microsoft.com/en-us/magazine/cc301390.aspx
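The first-match evaluation described in the answer, as an added example that is not part of the thread: a small Python simulation of how UrlAuthorizationModule walks an `<authorization>` list, run over the AppPages rules as posted and over a reordered version that is this example's own suggestion. It assumes the standard semantics (rules evaluated top-down, `*` matches everyone, `?` matches anonymous requests, and a request that matches no rule is allowed because the root web.config ends the merged list with an allow-all); the user names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed fragments. The first is the AppPages block as posted; the
# second is this example's own reordering (not taken from the thread),
# with the tester allow placed before the catch-all deny.
RULES_AS_POSTED = """
<authorization>
  <deny users="*" />
  <deny users="?"/>
  <allow roles="tester" />
  <deny roles="previewers" />
</authorization>
"""

RULES_REORDERED = """
<authorization>
  <allow roles="tester" />
  <deny users="*" />
</authorization>
"""

def parse_rules(xml_text):
    """Return [(verb, users, roles)] in document order."""
    rules = []
    for elem in ET.fromstring(xml_text.strip()):
        if elem.tag in ("allow", "deny"):
            users = [u.strip() for u in elem.get("users", "").split(",") if u.strip()]
            roles = [r.strip() for r in elem.get("roles", "").split(",") if r.strip()]
            rules.append((elem.tag, users, roles))
    return rules

def is_authorized(rules, user, user_roles):
    """First matching rule wins. user is None for an anonymous request;
    '*' matches every request, '?' only anonymous ones. No match means
    allowed (the root web.config ends the merged list with allow users="*")."""
    for verb, users, roles in rules:
        matched = ("*" in users or ("?" in users and user is None)
                   or (user is not None and user in users)
                   or any(r in user_roles for r in roles))
        if matched:
            return verb == "allow"
    return True

def evaluate(xml_text):
    """Outcome for the three kinds of visitor the question is about."""
    rules = parse_rules(xml_text)
    return {"anonymous": is_authorized(rules, None, []),
            "tester": is_authorized(rules, "alice", ["tester"]),
            "previewer": is_authorized(rules, "bob", ["previewers"])}
```

With the posted order every visitor, testers included, is denied by the leading `deny users="*"`; with the allow moved above it, only testers get through.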