Enforcing web.config authorization entries

Ultimate goal is to provide protection against programming mistakes. I want to make sure that every page in a portion of my web application has a role specified like below. Ideally I would like to programatically check all requests coming in ( think IHttpModule ) and make sure that the page being requested has a role specified.

I can't seem to find how to get programatic access to the allowed roles.

<location path="foo.aspx">
 <system.web>
  <authorization>
   <allow roles="modifier"/>
  </authorization>
 </system.web>
</location>

Answers


make a deny * in the root, so every page is not allowed, until it is explicitly activated....


Stumbled across this AuthorizationRuleCollection.

From MSDN, I've not tried it as I solved my problem using a tecnique similar to the AuthorizeAttribute in the MVC framework.

System.Configuration.Configuration configuration = WebConfigurationManager.OpenWebConfiguration("/aspnetTest");
AuthorizationSection authorizationSection = (AuthorizationSection)configuration.GetSection("system.web/authorization");

Need Your Help

iOS distribution - parameters in itms-services protocol link for plist

ios plist protected

I would like to pass the userid and password in the itms-services link so that the protected plist can be accessed.

how to force a div tag to not do a line break?

html line-breaks carriage-return linefeed

I have a div tag that contains an URL inside. After some external format ends up with come line breaks (carriage return, line feed) that are interpreted as white space in the HTML*.