Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Authorization Asp.net web.config

I have an application that has a backoffice. This backoffice was isolated with the use of roles like this:

<location path="backoffice">
    <system.web>
        <authorization>
            <allow roles="admin"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

But now we have another type of role that needs access. The companyadmin role.

Can I just say?:

 <location path="backoffice">
        <system.web>
            <authorization>
                <allow roles="admin,companyadmin"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
like image 361
user29964 Avatar asked Mar 13 '09 12:03

user29964


3 Answers

Yes, exactly so (assuming you properly authenticated your users, and set their roles accordingly).

Check the MSDN article: https://learn.microsoft.com/en-us/previous-versions/dotnet/netframework-1.1/8d82143t(v=vs.71)

like image 128
AviD Avatar answered Nov 04 '22 13:11

AviD


Yes, roles, users and verbs takes comma separated values.

MSDN Reference

like image 4
Canavar Avatar answered Nov 04 '22 14:11

Canavar


yes, you can add n roles like that.

If you prefer, you can also:

<allow roles="admin"/>
<allow roles="admin1"/>
<deny users="*"/>
like image 4
eglasius Avatar answered Nov 04 '22 13:11

eglasius