All geek questions in one place

How to increase security based on files in a folder

I am building an ASP.NET 3.5 web application and I am NOT using a membership provider for security. In the application, I have a role called Admin, and all the files for this role are in the Security folder in the project. Currently, for all pages inside the security folder, I am checking if the registered user role is an administrator or not. This seems redundant to me, it can do something like "If the user requests a page inside the security folder, then check its role." Is it possible?

+2
source share
1 answer

You can put a separate web.config file in the security folder, which will deny access to each request in this folder if the user is not in the administrator role.

Here is a brief description .

It basically looks like this:

<location path="Security">
 <system.web>
  <authorization>
   <allow roles="Admin"/>
   <deny users="*"/>
  </authorization>
 </system.web>
</location>
+2
source

Source: https://habr.com/ru/post/1757382/

More articles:


All Articles