How to Restrict Access to Particular Page/folder in Asp.net

As we create any project or website we have different different panel or roles like admin, visitor, and user and so on. So we always need to restrict to access the particular page or folder. Many times we have heard about that what is Authorization and Authentication in asp.net in interview time.

Once we create we have get by default web.confg like below

In web.config    

<?xml version="1.0"?>

<configuration>

<system.web>

<!--

The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user.

-->

<authentication mode="Windows" />

</system.web>

</configuration>

Now we will change authentication mode “Windows” to “Forms”

In web.config    

<?xml version="1.0"?>

<configuration>

<system.web>

<authentication mode="Forms">

</authentication>

<authorization>

<deny users="?"/><!--will deny anonymous users-->

</authorization>

</system.web>

</configuration>

(Note: The above situation is used whenever user’s accounts created by some administrator to access the application.)

Allow users to access the particular page and restrict other pages access only authenticated users.

In web.config    

<?xml version="1.0"?>

<configuration>

<system.web>

<authentication mode="Forms"/>

<authorization>

<deny users="?"/>  <!--This will restrict anonymous user access-->

</authorization>

</system.web>

<location path="profile_page.aspx"> <!-- Path of your profile_page.aspx page -->

<system.web>

<authorization>

<allow users="*"/> <!-- This will allow users to access to everyone to profile_page.aspx -->

</authorization>

</system.web>

</location>

</configuration>

Allow only particular user to access website and deny all other users

 In web.config   

<?xml version="1.0"?>

<configuration>

<system.web>

<authorization>

<allow users="Neeraj"/>  <!-- It will allow only Neeraj -->

<deny users="*"/>  <!--Deny others -->

</authorization>

</system.web>

</configuration>

Allow only one user to access particular page and deny access to other users

In web.config    

<?xml version="1.0"?>

<configuration>

<location path="profile_page.aspx"> <!-- Path of your profile_page.aspx page -->

<system.web>

<authorization>

<allow users="Neeraj"/>  <!-- It will allow only Neeraj -->

<deny users="*"/><!-- deny all other users -->

</authorization>

</system.web>

</location>

</configuration>

Allow users in particular role

<?xml version="1.0"?>

<configuration>

<system.web>

<authorization>

<allow roles="Admin"/> <!--Allows users in Admin role-->

<deny users="*"/> <!--Deny everyone else-->

</authorization>

</system.web>

</configuration>

Allow users in particular role to access folders

<?xml version="1.0"?>

<configuration>

<location path="AdminFolder">

<system.web>

<authorization>

<allow roles="Admin"/> <!--Deny everyone else Admin role Users -->

<deny users="*"/> <!--Deny everyone else Admin role Users-->

</authorization>

</system.web>

</location>

<location path="CustomerFolder">

<system.web>

<authorization>

<allow roles="Admin, Customers"/> <!--Allow users in Admin and Customers roles-->

<deny users="*"/> <!--Deny rest of all-->

</authorization>

</system.web>

</location>

</configuration>

Anonymous access: - If you do not want any kind of authentication then you will go for Anonymous access.

Note: - allow statement always before the deny statement because if we place deny statement first and then allow statement in this situation allow statement properties won’t work.