extra AuthorizationRule in web.config AuthorizationSection

Posted by H07R0D on Stack Overflow See other posts from Stack Overflow or by H07R0D
Published on 2010-06-15T14:39:24Z Indexed on 2010/06/15 14:42 UTC
Read the original article Hit count: 254

Filed under:
|
|

I'm trying to modify the list of allowed users in web.config from a codebehind.

<authorization>
   <allow users="alice, bob"/>
   <deny users="*"/>
</authorization>

I successfully retrieve the section I need

  config = WebConfigurationManager.OpenWebConfiguration("~");
  authSection = (AuthorizationSection)config.GetSection("system.web/authorization");

When I iterate looking for the allow rule, I get two of them.

 foreach (AuthorizationRule rule in authSection.Rules)
 {
     if (rule.Action == AuthorizationRuleAction.Allow)
     {
          // manage the Users StringCollection
      }
  }

The first item I get has 'alice' and 'bob' in the Users collection. The SECOND item I get has * Where is this second entry coming from? This is an Allow Rule, not a Deny rule. I could understand the * from a Deny rule. Is there some extra inheritance I'm not aware of?

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about authorization