Home/ Questions/Q 8376805
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T15:30:49+00:00

Scenario: A web application consists of a root directory (open, no authorization) and a

  • 0

Scenario: A web application consists of a root directory (open, no authorization) and a number of subdirectories (let’s call them Sub1, Sub2 and Sub3). Furthermore, when an user name is provided, there’s a method contacting a SP and returning an IEnumerable<String> consisting of the names of subdirectories, which that certain user is supposed to be allowed to access. The above is not changeable.

I wonder what the neatest way to solve this would be. I can’t rely on AD and a simple authorization stored in a cookie or a session variable won’t allow for a diversification of accessible subdirectories.

I’m pretty confident I can make it work but I’d like to do it in bragable style.

Suggestions?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To me it sounds like you could put a web.config in each of subfolders with

    <authorization>
   <allow roles="SubfolderName" />
   <deny users="*" />
</authorization>

    Then, for each user, attach the result of this IEnumerable<string> list of subfolders to the user’s roles in your role manager.

    This way, each user trying to access the folder will have a proper role in his/her role list and the url authorization module will allow the user to access the folder.

    • 0