What is the difference between URL authorization, File authorization and Role authorization?

From Guidance Share


J.D. Meier, Prashant Bansode, Alex Mackman


  • URL Authorization is configured by settings within machine and application configuration files. It allows you to restrict access to specific files and folders within your application's Uniform Resource Identifier (URI) namespace. For example, you can selectively deny or allow access to specific files or folders (addressed by means of a URL) for nominated users. You can also restrict access based on the user's role membership or the user's identity. URL authorization requires an authenticated identity, which can be obtained by a Windows or ticket-based authentication scheme.

Important. When using roles in URL authorization, the role manager should be enabled and configured to use an appropriate role store.

  • File Authorization applies only if you use one of the IIS-supplied Windows authentication mechanisms to authenticate callers and ASP.NET is configured for Windows authentication. For file types mapped by IIS to the ASP.NET ISAPI extension (Aspnet_isapi.dll), automatic access checks are performed using the authenticated user's Windows access token (which may be IUSR_MACHINE for anonymous users) against the access control list (ACL) attached to the requested ASP.NET file.
  • Role authorization can be used for fine-grained authorization to control access to resources and operations, and it can be configured both declaratively and programmatically. .NET Framework 2.0 provides a new role manager API for role-based authorization.
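
The following Web.config sketch shows URL authorization combined with role checks, as described above. It is an added example, not part of the original guidance; the folder name Admin, the page Reports.aspx, the login page and the role names are assumptions for illustration.

```xml
<configuration>
  <system.web>
    <!-- Ticket-based (forms) authentication supplies the authenticated
         identity that URL authorization requires. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" />
    </authentication>

    <!-- The role manager must be enabled so that roles="..." rules can be
         resolved against a role store. AspNetSqlRoleProvider is the SQL
         provider registered by default in machine.config; substitute the
         provider for your own role store. -->
    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider" />

    <!-- Application-wide rule: "?" means anonymous users. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Folder-level rule. Rules are evaluated top to bottom and the first
       match wins, so the allow must come before the catch-all deny.
       "*" means all users. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- File-level rule: a single page restricted to two roles. -->
  <location path="Reports.aspx">
    <system.web>
      <authorization>
        <allow roles="Managers,Auditors" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Omitting the trailing `<deny users="*" />` in a `<location>` block leaves the resource open to every authenticated user, because evaluation then falls through to the inherited rules, which allow all users by default.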