PageRouteHandler.CheckPhysicalUrlAccess Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets a value that determines whether authorization rules are applied to the physical file's URL.
public:
property bool CheckPhysicalUrlAccess { bool get(); };public bool CheckPhysicalUrlAccess { get; }member this.CheckPhysicalUrlAccess : boolPublic ReadOnly Property CheckPhysicalUrlAccess As BooleanProperty Value
true if authorization is checked for the URL of the physical file that is associated with the route; otherwise, false. The default is true.
Remarks
You can set the CheckPhysicalUrlAccess property when you use the PageRouteHandler(String, Boolean) constructor.
The value of the CheckPhysicalUrlAccess property determines whether the PageRouteHandler object will check security permissions only for the route URL or for both the physical page and the route URL.
When the CheckPhysicalUrlAccess property is set to true (which is its default value), a user must have permission to access both the route URL and the physical URL. When the CheckPhysicalUrlAccess property is set to false, a user requires only permission to access the route URL, and permissions for the physical URL are not checked.
Permissions are defined in the Web.config file, as shown in the following example:
<configuration>
<location path="categoriespage.aspx">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="category">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
For a request URL that contains Category/food/show after the domain name, if the route URL pattern is Category/{action}/{categoryName} and the physical page is Categoriespage.aspx, ASP.NET applies the permissions defined in the previous example in one of the following ways:
If the CheckPhysicalUrlAccess property is
false, all users are granted access, because all users are granted access to the URL pattern that starts withcategory.If the CheckPhysicalUrlAccess property is
true, onlyadminusers are granted access. All users have access to the URL pattern that begins withcategory, but onlyadminusers have access to the physical page Categoriespage.aspx.
