PageRouteHandler.CheckPhysicalUrlAccess Property

Definition

Gets a value that determines whether authorization rules are applied to the physical file's URL.

public:
 property bool CheckPhysicalUrlAccess { bool get(); };
public bool CheckPhysicalUrlAccess { get; }
member this.CheckPhysicalUrlAccess : bool
Public ReadOnly Property CheckPhysicalUrlAccess As Boolean

Property Value

true if authorization is checked for the URL of the physical file that is associated with the route; otherwise, false. The default is true.

Remarks

You can set the CheckPhysicalUrlAccess property when you use the PageRouteHandler(String, Boolean) constructor.

The value of the CheckPhysicalUrlAccess property determines whether the PageRouteHandler object will check security permissions only for the route URL or for both the physical page and the route URL.

When the CheckPhysicalUrlAccess property is set to true (which is its default value), a user must have permission to access both the route URL and the physical URL. When the CheckPhysicalUrlAccess property is set to false, a user requires only permission to access the route URL, and permissions for the physical URL are not checked.

Permissions are defined in the Web.config file, as shown in the following example:

<configuration>
  <location path="categoriespage.aspx">
    <system.web>
      <authorization>
        <allow roles="admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="category">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

For a request URL that contains Category/food/show after the domain name, if the route URL pattern is Category/{action}/{categoryName} and the physical page is Categoriespage.aspx, ASP.NET applies the permissions defined in the previous example in one of the following ways:

  • If the CheckPhysicalUrlAccess property is false, all users are granted access, because all users are granted access to the URL pattern that starts with category.

  • If the CheckPhysicalUrlAccess property is true, only admin users are granted access. All users have access to the URL pattern that begins with category, but only admin users have access to the physical page Categoriespage.aspx.

Applies to

See also