One way to use our membership provider to control security is to add some configuration elements in the Web.config
file. We can use the <location>
element to specify the name of a directory or a page, and then use an <authorization>
block to control access.
The
<location>
element is specified in the Web.config
file, usually right after the </system.web>
element as part of the <configuration>
block. To control security, we have two major options, namely, "allow" and "deny". We can also specify if we want the security to apply to everyone (*), only anonymous users (?), or to specific users or roles.
If you look at the following <location>
element, you will see that we are denying access to all unauthenticated (anonymous) users, that is, we only allow logged-in users to visit the SecurePage.aspx
page.
<location path="/SecurePage.aspx"> <system.web> <authorization> <deny users="?"/> </authorization...