Tuesday, September 08, 2009

Web.Config: <authorization> Element

Here is the web.config snippet to allow access to only one user to web site or web service and deny access to all other users either authenticated or anonymous.

Allow Access to only one domain user

Allow access to any autheticated domain user

<authentication
mode="Windows"/>


<authorization>

<allow
users="basit"/>

<deny
users="*"/>

</authorization>

<authentication
mode="Windows"/>


<authorization>

<allow
users="basit"/>

<deny
users="?"/>

</authorization>


It will enable windows authentication and only allow user "basit" to access the web site or web service. It will deny access to all other users.


It will enable windows authentication and allow user "basit" and any other authenticated user to access the web site or web service. It will deny access to any anonymous user.

No comments: