Authorization is the process of determining whether a previously
authenticated user may access a resource. Note that authorization can only
work with authenticated users, hence ensuring that no unauthenticated user
can access the application. The default authentication mode is anonymous
authentication. There are three types of authorization in ASP.NET:
· URL Authorization
· File Authorization
· Authorization based on ACLs
Authorization, like authentication, is specified in the web.config file of
the application. The following specification in the web.config file grants
access to the user Joydip but denies it to Jini and to all anonymous users.
Note that the ordering of the <allow> and <deny> elements is important,
since the first one that matches the request will be used. Hence, if you
were to add a <deny users="*" /> to the top of the list, it would always
deny everyone, regardless of any <allow /> elements that followed it.
Listing 7
<authorization>
  <allow users="Joydip"/>
  <deny users="Jini"/>
  <deny users="?"/>
</authorization>
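The first-match behaviour described above can be checked offline with a small model of the rule walk. This is an added example, not code from the article or from ASP.NET: the function names and the DENY_FIRST variant are constructed, only the users attribute is modelled (no roles or verbs), and the fall-through to allow assumes the inherited default rule <allow users="*"/>.

```python
import xml.etree.ElementTree as ET

# Listing 7 from the article.
LISTING_7 = """<authorization>
  <allow users="Joydip"/>
  <deny users="Jini"/>
  <deny users="?"/>
</authorization>"""

# Constructed variant: the same rules with <deny users="*"/> placed first.
DENY_FIRST = LISTING_7.replace("<authorization>", '<authorization>\n  <deny users="*"/>', 1)

def parse_rules(xml_text):
    """Return [(action, [user tokens])] in document order."""
    rules = []
    for el in ET.fromstring(xml_text):
        if el.tag in ("allow", "deny"):
            tokens = [u.strip() for u in el.get("users", "").split(",") if u.strip()]
            rules.append((el.tag, tokens))
    return rules

def rule_matches(tokens, user):
    """user is a name, or None for an anonymous request."""
    for token in tokens:
        if token == "*":                      # everyone
            return True
        if token == "?" and user is None:     # anonymous requests only
            return True
        # Assumption of this model: names are compared case-insensitively.
        if user is not None and token.lower() == user.lower():
            return True
    return False

def is_allowed(rules, user, inherited_default=True):
    """First matching rule wins; later rules are never consulted."""
    for action, tokens in rules:
        if rule_matches(tokens, user):
            return action == "allow"
    # Assumption: nothing matched, so the inherited <allow users="*"/> applies.
    return inherited_default

def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule matches '*'."""
    for i, (_, tokens) in enumerate(rules):
        if "*" in tokens:
            return list(range(i + 1, len(rules)))
    return []
```

Against Listing 7 the model allows Joydip, denies Jini and anonymous requests, and lets any other authenticated name fall through to the inherited default; with the deny-all rule placed first, every later rule is reported as shadowed.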