Assign a particular username, or comma-delimited list of usernames, to the deny element : Authorization « Authentication Authorization « ASP.NET Tutorial






  1. ASP.NET Tutorial
  2. Authentication Authorization
  3. Authorization
The ASP.NET Framework uses a first-match algorithm. 
If you switched the allow and deny rules, then no one, not event Jane, would be allowed to access the pages in the folder.

File: SecretFiles\Web.Config

<configuration>
    <system.web>

      <authorization>
        <allow users="Jane" />
        <deny users="*" />
      </authorization>

    </system.web>
</configuration>








21.2.Authorization
21.2.1.Configuring Authorization
21.2.2.Assign a particular username, or comma-delimited list of usernames, to the deny element
21.2.3.Authorizing by Role
21.2.4.Authorizing Files by Location
21.2.5.Use the location element to apply configuration settings to a particular subfolder