how can access folder's pages according to roles in c# vs2005 in webconfig

Question

The scenario is :

I am working on role based project in vs2005 and sql server2005. I defined the role in database and added custom role provider. I have two roles like "admin" and "user". I created two folder in project and placed the pages in these folder (admin and user) according to roles. Now I want to add code in web.config for accessing the pages according to roles means admin can see only admin folder pages and user can see only user folder pages.

If I define only one page for admin and one page for user in tag with roles authorization then they work fine. But if I used more than one pages in both folder then I need to define all pages in web.config file for both.

I used location tag like this

<location path="user/userpage1.aspx">
    <system.web>
      <authorization>
        <allow roles="user"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

Is there any possibility to assign a role for a folder instead of a page in tag. If yes, Please give some valuable ideas to implement this.

Updates I added these two location tags in my web config

<!--allow admin role members-->
  <location path="admin/adminpage1.aspx">
    <system.web>
      <authorization>
        <allow roles="admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
<!--allow user role members-->
  <location path="user/userpage1.aspx">
    <system.web>
      <authorization>
        <allow roles="user"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

abatishchev · Accepted Answer · 2013-01-04T06:59:45.373

1

Doesn't the following work for you?

<location path="folder">
    <system.web>
        <authorization>
            <allow roles="user" />
            <deny users="*" />
        </authorization>
    </system.web>
</location>

what works for me in the following configuration:

<location path="Content/Images">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<system.web>
    <authorization>
        <allow roles="Admin,Manager,Client" />
        <deny users="?" />
    </authorization>
</system.web>

allowing anonymous access while in general it's not allowed.

Our you can put in a sub folder a separate location-agnostic Web.config:

<system.web>
    <authorization>
        <allow roles="user" />
        <deny users="*" />
    </authorization>
</system.web>

edited Jan 04 '13 at 06:59

answered Jan 04 '13 at 06:52

abatishchev

98,240
88
296
433

@GhostAnswer: See my update once again. Check what do you allow/disallow in root directive and what and location-specific. – abatishchev Jan 04 '13 at 07:02
@GhostAnswer: What is the root allowance? If may affect somehow folder settings. – abatishchev Jan 04 '13 at 07:14
let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/22165/discussion-between-ghost-answer-and-abatishchev) – Ghost Answer Jan 04 '13 at 07:22

how can access folder's pages according to roles in c# vs2005 in webconfig

1 Answers1