extra AuthorizationRule in web.config AuthorizationSection

Posted by H07R0D on Stack Overflow See other posts from Stack Overflow or by H07R0D
Published on 2010-06-15T14:39:24Z Indexed on 2010/06/15 14:42 UTC
Read the original article Hit count: 229

Filed under:

ASP.NET

|

authorization

|

web.config

I'm trying to modify the list of allowed users in web.config from a codebehind.

<authorization>
   <allow users="alice, bob"/>
   <deny users="*"/>
</authorization>

I successfully retrieve the section I need

  config = WebConfigurationManager.OpenWebConfiguration("~");
  authSection = (AuthorizationSection)config.GetSection("system.web/authorization");

When I iterate looking for the allow rule, I get two of them.

 foreach (AuthorizationRule rule in authSection.Rules)
 {
     if (rule.Action == AuthorizationRuleAction.Allow)
     {
          // manage the Users StringCollection
      }
  }

The first item I get has 'alice' and 'bob' in the Users collection. The SECOND item I get has * Where is this second entry coming from? This is an Allow Rule, not a Deny rule. I could understand the * from a Deny rule. Is there some extra inheritance I'm not aware of?

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about authorization

Apache2 - mod_rewrite : RequestHeader and environment variables

as seen on Server Fault - Search for 'Server Fault'
I try to get the value of the request parameter "authorization" and to store it in the header "Authorization" of the request. The first rewrite rule works fine. In the second rewrite rule the value of $2 does not seem to be stored in the environement variable. As a consequence the request header… >>> More
Apache2 - mod_rewrite : RequestHeader and environment variables

as seen on Server Fault - Search for 'Server Fault'
I try to get the value of the request parameter "authorization" and to store it in the header "Authorization" of the request. The first rewrite rule works fine. In the second rewrite rule the value of $2 does not seem to be stored in the environement variable. As a consequence the request header… >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
Implementing OAuth Authorization on Social Networks

as seen on Internet.com - Search for 'Internet.com'
Walk through all the necessary steps for implementing the OAuth token-based authorization system—a perfect security solution for the social networking age—on both the consumer and provider sides. >>> More