Listing 4 shows the web.config for the Restricted directory
in the example. In this web.config file we only use the authorization section.
Here we specify which users have access to this sub directory. The example only
has one sub directory, but you can have as many as you want. You just need to
create one for each sub directory. Use the allow node to set users equal to a
comma delimited string of names that will have access to this directory. Then
below that, make sure to use deny with users set equal to the asterisk (*) to
deny access to everyone else.
You could also use groups with allow if you are using
windows authentication. However, one of the limitations of this method is that
the menu items are loaded by filtering on the user name. So, if you use a
windows group for security, you will probably have to display the menu items
for that particular sub directory for everyone.
Create a sub directory name Restricted and place the
following web.config file in it.
Listing 4 - This is the Web.config file for the
Restricted directory
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<authorization>
<allow users="user2" />
<deny users="*" />
</authorization>
</system.web>
</configuration>