.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

How in web.config work in MVC

Posted By:      Posted Date: August 24, 2010    Points: 0   Category :ASP.Net


I would like to secure any URL below the http://MyServer/Admins and limit it to a specific role.

In webforms it was straight forward. I just put a child web.config in the /Admin/ folder and add <authorization>  <allow roles> tags to it.

How would be the equivalent technique in MVC?

Thank you,


View Complete Post

More Related Resource Links

Web.config Authorization Roles with Local Groups with Domain Groups in them


I am "Domain\MyDomainUserName"

If I do this:

      <allow users="Domain\MyDomainUserName" />
      <deny users="*" />

I can access the website I've created on my local machine in debug mode; and with my domain account as a local administrator, if I do this:

      <allow roles="BUILTIN\Administrators" />
      <deny users="*" />

I can still access the website; and with my domain account in a Domain Group named "Domain\DomainLocalSecurityGroup", if I do this:

      <allow roles="DOMAIN\DomainLocalSecurityGroup" />
      <deny users="*" />

I can still access the website; HOWEVER, if I create a Local Group on my machine named "LocalMachineGroup" and I add "Domain\MyDomainUser

Do Membership Roles work with custom connection string?


Hi all, plz help with one issue.
I have Membership configured with IIS7, tables for it located in my own database, created with aspnet_regsql utility, and I am using custom connection string to access it.

This is part of web.config related to Membership :

        <add connectionString="Server=CORESERVER\SQLExpress;Database=Shop;User ID=Tema;Password=Matrix" name="CustomSqlConnection" />
    <profile enabled="true">
            <add name="CustomSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" />
    <roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true">
            <add name="CustomSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" />
    <membership defaultProvider="CustomSqlMemberPr

Two roles Admin,User. How do I configure the Web config file?


After reading this helpful thread on the same subject, I still haven't quite got it.

I want these rules:

Allow Admin to everything

Deny all none authenticated users from everything

Allow User to everything exept one page 'UserAdmin.aspx'

Here is my attempt at the last item


  <location path="~/UserAdmin.aspx">
                <allow roles="Admin"/>
                <deny roles="User"/>
                <deny users="*"/>

The problem is the account with the user role is either getting all access or no access.


My master page won't load when using authorization in web.config

I don't have any sub catalogs for the .aspx files and this is my web.config file:<system.web> <compilation debug="true" targetFramework="4.0" /> <authentication mode="Forms"> <forms loginUrl="Login.aspx" name="sqlAuthCookie" timeout="60" /> </authentication> <authorization> <deny users="?" /> <allow users="*" /> </authorization> </system.web> It's as if the Login.aspx won't grab the Site.Master if I add this authorization.I get directed to the Login.aspx if I try to enter any other page, but without seeing the master page.Is this enough info to solve this or do you need to know how the other pages looks like? Let me know!Thanks in advance.Niklas

can't get role based authorization to work

My problem is that my service will not start regardless of what I put in the Role demand.  I even try "BUILTIN\Users" or "Users". Basically, there is absolutely no scenario where the out of the box WCF functionality actually works.  So what magic do I have to do to enable Authorization to check if the authenticated identity has a specific domain group membership? <system.serviceModel> <bindings> <netTcpBinding> <binding name="RBSync" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536"> <reliableSession ordered="true" enabled="true" /> <security mode="Transport"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/> </security> </binding> </netTcpBinding> </bindings> <client /> <behaviors> <serviceBehaviors>

Authorization tag in Web.Config in MVC folder


I created a new MVC Web Application (not the empty one -- the one with the Account controller stuff).

I created a new folder under Views and placed a new View in it.

I created a Controller for the Folder.

I created a web.config in the Folder and used this content:

 <?xml version="1.0"?>
      <deny users="?" />

When I run the app, I can visit my new View even though I'm an anonymous user.

What gives? Do the web.config authorization rules not apply to MVC? Do I have to do something to the Controller or to the web.config or to the root web.config?

Help is appreciated.



Help with authorization in web.config to deny access to files in a folder



I have a web site that has a folder called Files that contains PDF files.  These PDF files should not be accessible to people who have not signed in to the web site. 

The login URL is www.mysite.com/Account/Login.aspx and the register URL is www.mysite.com/Account/Register.aspx. 

Once the person is signed in they can go to www.mysite.com/Documents/Documents.aspx.  This page has a gridview that lists the PDF files in the Files folder with a link to them.  If the person is not signed in, he/she can't view this Documents.aspx page.  However, if anyone has the URL to the PDF files, they can view those files without having to sign in.

How can I prevent someone from accessing the PDF files in this folder?

The site is hosted on GoDaddy using IIS 6.0.

Thanks in advance.

Clean Web.Config Files (VS 2010 and .NET 4.0 Series)

.NET 4 includes a new version of the CLR, and a new .NET 4 specific machine.config file (which is installed side-by-side with the one used by .NET 2, .NET 3 and .NET 3.5).

The new .NET 4 machine.config file now automatically registers all of the ASP.NET tag sections, handlers and modules that we've added over the years, including the functionality for:

.ASP.NET Dynamic Data
.ASP.NET Routing (which can now be used for both ASP.NET WebForms and ASP.NET MVC)
.ASP.NET Chart Control (which now ships built-into ASP.NET V4)
What this means is that when you create a new "Empty ASP.NET application" project in VS 2010, you'll find that the new default application-level web.config file is now clean and simple:

RadioButton inside GridView, How to get it work as normal

Did you tried before to drag a RadioButton control inside a Gridivew templatefield, and then you attempt to select these RadioButtons , you will notice that the behavior of RadioButton control will be changed and it will work just like the behavior of checkbox control! the user will be able to select more than one radiobutton in the grid!

ASP.NET forms authentication with roles

.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Looking for guidance: wanting to work with AJAX architecture



I'm starting a small website that will be backed by a database, and will allow a small number of users to authenticate and select an entry in the database, and then view (and optionally update) a corresponding entry (think master-detail).

I have some flexibility in how I'll do this, but I'd really like to incorperate some newer AJAX style coding, eliminating some page postbacks. I think this is a great opportunity to learn the concepts well.

I'll probably go with an ASP.NET 4.0 site. From what I've seen there are MANY ways to go about this:

-WCF Data Services to expose the data, and consume in ASP.NET

-Page methods to expose the data, separate method to update the data

-I'd rather avoid the UpdatePanel because I'm really looking for a full hands-on approach, with learning client side scripting being an objective as well.

Beyond that, it seems that one can use jQuery to build clientside templates, but also one can use the ASP.NET AJAX template engine (in ASP.NET 4.0 I believe).

A concern I have: users should only be able to work with the data exposed via these endpoints if they are logged into the website. Hopefully I can somehow reuse the ASP.NET forms authentication cookie for this purpose. 

Well, I hope I've posted enough to a

animate effect work but the render items are messed up.


Hi all,

     I have a very unique problem, humm i think. I am using a jquery effect that animate bounce effect, i have a line in my javascript pageLoad function $("#UserBrowserInfoDIV").show('bounce'); - the effects run smoothly but what it does is mess up the bolded text in the div. I have try the items inside the div without bolding and it works fine and no render problem but when bolded the text that are bolded is quite messed up, and barely readable.

Please let me know is there anything else i can do i really would like use this effect.

P.S all the effect have the same render problem, and i am using ie8 under compatibility mode.





Why getTreeNode does not work?



I try to run a  treeview example from msdn:


I also want to use code from


Here is my code:

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>

<%@ Register TagPrefix="mytree"
Assembly="Microsoft.Web.UI.WebControls" %>
 <script type="text/javascript" language="javascript">

     function xxx() {

         var myNode = treeview_one.getTreeNode(treeview_one.selectedNodeIndex);


<form id="myform" runat="server">
<mytree:treeview id="treeview_one"  runat="server" Child

Hard Code Roles on the Pages


If i hard coded role=Manager on the specific SiteMap/Folder/Page/etc. I will have problem when the manager need to remove from access a specific page. I need to change the code ont eh page/SiteMap/Folder more move the file into another folder.

What i have in mind is to change the role to taks oriented. such as role=AddStock, Edit Stock, Delete Stock, Print DO, Add Sales, Edit Sales, Deleted Sales..... (but it will be many role for 1 user compare to just 1 as Manager)

Will this cause performance issues later when each user have 60 roles and if i have 20,000 user will it affect the application performance?

Otherwise any other option? to make it flexible.

reading values from config files in NUnit tests


One of my NUnit tests has to read in some values from config files.  In my main application this process works perfectly well, however when I run the unit test, the code that reads in the values from the config files doesnt read anything in.  Ive tried putting app.config in my unit test project (I even tried web.config) but nothing seems to work.  Are there any special steps involved when reading from config files in an nunit test ?

NUnit and config files


Ive created an NUnit test project in my solution and have added 3 tests.  They all fail with the same error

SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.
  ----> System.NullReferenceException : Object reference not set to an instance of an object.


SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.

  ----> System.NullReferenceException : Object reference not set to an instance of an object.

heres the test method

        public void CreateDataContext_ConnectionString_ReturnsDataCon

Category attribute of user control property does not work correctly in categories tab.



I have a User Control (ascx) and a property which a want to display in my categories tab in Visual Studio in the category named "Styles".

[Category("Styles"), DefaultValue(""), Description("The value for formating something.")]
public String MyFormatProperty
set { /* the code for set */; }
get { /* the code for get */; }

And here is the problem: Actually I do not need a get, because I only have to set the property (write only property). But when I omit the get, the property is displayed in the "Misc" category in the categories tab in Visual Studio. Only when I code the get as well, then the property is displayed correctly in the "Styles" category in the categories tab in Visual Studio.

Does anybody know why? How can I display the category correctly only with set?

Thanks, S.

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend