问题
Is it possible to use multiple authorization elements in a single web.config to allow additional users access to one file?
E.g., I would like to allow User1 access to the whole application (including Page1.aspx), and User2 access to only Page1.aspx:
<system.web>
<authorization>
<allow users="DOMAIN\User1" />
<deny users="*" />
</authorization>
</system.web>
<location path="~/Page1.aspx">
<system.web>
<authorization>
<allow users="DOMAIN\User2" />
<deny users="*" />
</authorization>
</system.web>
</location>
回答1:
I believe you can use a comma delimited list of users, so there should be no need for using multiple authorization elements for a single resource.
Also, it is generally better to rely on roles instead of specific users. Since it appears you are using AD, then you can use a security group or something similar for the roles.
回答2:
If you remove the <deny users="*" /> from the Page1.aspx authorization section, you should get what you want. It will allow User2 to use just that page, and User1's authorization to everything will still apply to this page as well.
Here's a pretty good tutorial on all things related to authorization.
来源:https://stackoverflow.com/questions/4900104/using-multiple-authorization-elements-in-web-config