.NET Authorization. Does the order or allow and deny elements matter?
https://stackoverflow.com/questions/10836444
-
12-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am curious whether the order in which you supply the <allow> and <deny> elements in the element does matter?
Solution
Yes, the order matters. This page describes the basic principles: http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx. As per the page, a list of authorization rules is built up from the hierarchy of config files and then the first match wins.
This SO question has a nice example: ASP.NET Forms Auth Allowing access to specific file in subdirectory when all others should be denied
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
