Enforcing web.config authorization entries
Ultimate goal is to provide protection against programming mistakes. I want to make sure that every page in a portion of my web application has a role specified like below. Ideally I would like to programatically check all requests coming in ( think IHttpModule ) and make sure that the page being requested has a role specified.
I can't seem to find how to get programatic access to the allowed roles.
<location path="foo.aspx"> <system.web> <authorization> <allow roles="modifier"/> </authorization> </system.web> </location>
make a deny * in the root, so every page is not allowed, until it is explicitly activated....
Stumbled across this AuthorizationRuleCollection.
From MSDN, I've not tried it as I solved my problem using a tecnique similar to the AuthorizeAttribute in the MVC framework.
System.Configuration.Configuration configuration = WebConfigurationManager.OpenWebConfiguration("/aspnetTest"); AuthorizationSection authorizationSection = (AuthorizationSection)configuration.GetSection("system.web/authorization");