Authorization Module Class
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Verifies that the user has permission to access the URL requested. This class cannot be inherited.
public ref class UrlAuthorizationModule sealed : System::Web::IHttpModule
public sealed class UrlAuthorizationModule : System.Web.IHttpModule
type UrlAuthorizationModule = class interface IHttpModule
Public NotInheritable Class UrlAuthorizationModule Implements IHttpModule
The following code example grants access to Kim and members of the Admins role, while denying it to John and all anonymous users.
<authorization> <allow users="Kim"/> <allow roles="Admins"/> <deny users="John"/> <deny users="?"/> </authorization>
The UrlAuthorizationModule determines whether the current user is permitted access to the requested URL, based on the user Name or the list of roles that a user is a member of. For information about how the user name is determined, see ASP.NET Authentication. For information about how to manage user roles, see Managing Authorization Using Roles.
Authorization for a user or a role is managed using the authorization configuration element. You can allow or deny a user or a role using the
deny subelements, respectively. The
deny subelements are interpreted in the order they appear in the configuration. Once an element specifies that access is allowed or denied, the UrlAuthorizationModule completes its authorization check. For example, the following section from a Web.config file requires users to log on (by denying anonymous users), and then allows only users in the Administrators role to have access. Users not in the Administrators role are denied.
<authorization> <deny users="?" /> <allow roles="Administrators" /> <deny users="*" /> </authorization>
A user or role must be specifically denied to refuse the user or role permission to a URL. That is, if the previous example had not specified the
<deny users="*" /> element, then all authenticated users would have been allowed access to the requested URL, regardless of what role they were a member of.
Creates an instance of the UrlAuthorizationModule class.
|CheckUrlAccessForPrincipal(String, IPrincipal, String)||
Determines whether the user has access to the requested file.
Releases all resources, other than memory, used by the UrlAuthorizationModule.
Determines whether the specified object is equal to the current object.(Inherited from Object)
Serves as the default hash function.(Inherited from Object)
Gets the Type of the current instance.(Inherited from Object)
Initializes the UrlAuthorizationModule object.
Creates a shallow copy of the current Object.(Inherited from Object)
Returns a string that represents the current object.(Inherited from Object)