When I have created a web site I have created a web.config in the folder where I want to restict access to a web page like this. This is based on forms authentication and that is working very good.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrators" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
Now I read a paper that say the following.
So if I create a web site or web application I use different method to handle authorization or maybe authenticationHave I right in that ?
There are a couple of ways to authorize access to parts of your
ASP.Net application:
AuthorizeAttribute(MVC only)
Principal
PrincipalPermissionAttribute
URL Authorization
All of them can be combined.
For MVC applications we recommend using only Authorize
For Web Applications we recommend using URL Authorization(and if needed function and property authorization use PrincipalPermission)
//Tony