I’m using forms authentication for my MVC 3 application. I’ve added this line in my configuration:
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
When i run the application (on my local box) I get the errors listed below and none of the CSS styles come through. But when I log-in, everything looks fine. So I guess I have a couple of questions:
- Is it best practice to add the authorization rules in the web.config or should I add it to the [Authorize] attribute within the controller.
- I only get the errors listed below when I add the authorization rules in the web.config. What am i missing?
Help would be appreciated. Thank you.
p.s. I’m using Internet Explorer 8
Webpage error details
User Agent: Mozilla/4.0 (compatible;
MSIE 8.0; Windows NT 5.1; Trident/4.0;
GTB6.5; .NET CLR 2.0.50727;
InfoPath.2; .NET4.0C; .NET4.0E; .NET
CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Timestamp: Fri, 13 May 2011 15:48:19
UTCMessage: Syntax error Line: 1 Char: 1
Code: 0 URI:
http://localhost:1361/Account/LogOn?ReturnUrl=%2fScripts%2fjquery-1.4.4.min.jsMessage: Syntax error Line: 1 Char: 1
Code: 0 URI:
http://localhost:1361/Account/LogOn?ReturnUrl=%2fScripts%2fjquery.validate.min.jsMessage: Syntax error Line: 1 Char: 1
Code: 0 URI:
http://localhost:1361/Account/LogOn?ReturnUrl=%2fScripts%2fjquery.validate.unobtrusive.min.js
In your web.config, you are restricting access to everyone but administrators in all cases. Check out this link to give you more options on what you can do. (like allowing access to specific folders)
http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx