How do I lock authorization settings?

From Guidance Share

Jump to: navigation, search

J.D. Meier, Prashant Bansode, Alex Mackman

Answer

Server administrators can lock authorization settings by placing the <authorization> element in the machine-level Web.config file inside a <location> element with the allowOverride attribute set to false. This ensures that an individual application cannot override the machine-level settings. For example:

<location path="" allowOverride="false">
 <system.web>
    <authorization>
       <deny users="?" />
      <allow users="*" />
    </authorization>
 </system.web>
</location>
Personal tools