ASP.MVC: Web.Config and Authorize attribute
I have an AdminController protected by an Authorize attribute like this:
[Authorize(Roles = "Admin")]
public class AdminController : BaseController
{
.....
}
And I have in my web.config this security location section:
<location path="admin">
  <system.webServer>
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" roles="Admin" />
      </authorization>
    </security>
  </system.webServer>
</location>
If I remove the web config section, everything works perfectly and only Admin can access Admin actions. With the section in, I am always redirected to my login page.
However, I need the web.config section because I have some static files in the Admin folder that I want to be protected and accessed only by the Admin role.
What's wrong with my web.config? Thanks
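The easiest way is to add a new web config file to the admin section:
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are evaluated top to bottom and the first match wins,
           so the allow rule must come before the deny rule. -->
      <allow roles="Admin" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>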
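An added example, not part of the answer above: a `system.web` authorization section is enforced by ASP.NET's managed modules, which under the IIS 7+ integrated pipeline run by default only for requests served by a managed handler, so static files in the folder are not checked. Assuming integrated mode, forms authentication and a configured role provider, this fragment for the application's root web.config re-registers those modules without the `managedHandler` precondition so every request is authorized:

```xml
<?xml version="1.0"?>
<!-- Added example for the application's ROOT web.config (IIS 7+ integrated pipeline assumed). -->
<configuration>
  <system.webServer>
    <modules>
      <!-- Each module is removed and added back WITHOUT preCondition="managedHandler",
           so it also runs for static files (.pdf, .html, images, ...). -->

      <!-- Reads the forms-authentication ticket and sets the request identity. -->
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication"
           type="System.Web.Security.FormsAuthenticationModule" />

      <!-- Attaches the user's roles so a roles="Admin" rule can match. -->
      <remove name="RoleManager" />
      <add name="RoleManager"
           type="System.Web.Security.RoleManagerModule" />

      <!-- Ensures a principal exists even for anonymous requests. -->
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication"
           type="System.Web.Security.DefaultAuthenticationModule" />

      <!-- Evaluates <system.web><authorization> rules, including those in
           a web.config placed inside the protected folder. -->
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization"
           type="System.Web.Security.UrlAuthorizationModule" />
    </modules>
  </system.webServer>
</configuration>
```

To check the result, request a static file under the protected folder while signed out and while signed in as a non-Admin user; both requests should end at the login page rather than returning the file.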