0

I want to learn that which way is safer to deny page access.I know one of them for folder access.I don't need folders.

1. way

 <location path="xfile">
    <system.web>
      <authorization>
        <allow roles="admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

or 2. way

protected void Page_Load(object sender, EventArgs e)
    {
        if (!this.Page.User.Identity.IsAuthenticated)
        {
            Response.Redirect("/Login");
        }
        else
        {
            if (User.IsInRole("admin"))
            {
                // my action
            }
            else
            {
                Response.Redirect("/");
            }
        }
    }

Have to I use folders for security? OR 2. way is unsafe ?

Improve this question

1 Answer 1

Reset to default
1 
 <location path="myPage.aspx">
    <system.web>
      <authorization>
        <allow roles="admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

Check this link: https://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you.I know this but I want to learn which one is better.
What is better depend what are your requirements. In a simple case you should enable form authentication and set loginUrl to the page that contains login form. Then set your authorization rules in web.config

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.