Asp.net Authorization "Allow" and "Deny" Order

本文详细解释了ASP.NET中授权配置的允许与拒绝指令的工作原理及正确使用方法,强调了指令顺序的重要性。

<location path="Premium.aspx">
    <system.web>
        <authorization>
            <allow roles="Subscribers"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

Is the order of "allow" and "deny" matter?


To clarify about the order of Allow and Deny, authorization is going to apply based on the first match it finds, so order is very important. For instance:

<deny users="*" />
<allow users="Administrator" />

Administrator will be denied since it matched the first entry of deny... even though you specified to allow the Administrator user on the next line. So to only allow the Administrator, the correct syntax would be:

<allow users="Administrator" />
<deny users="*" />

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值