<deny> Element
Specifies that access to a resource is denied.
<configuration>
<system.web>
<authorization>
<deny>
<deny users="comma-separated list of users"
roles="comma-separated list of roles"/>
Optional Attributes
| Attribute | Description |
|---|---|
| Users | A comma-separated list of user names that are denied access to the resource. A question mark (?) denies anonymous users and an asterisk (*) indicates that all users are denied access. |
| Roles | A comma-separated list of roles that are denied access. |
Remarks
At run time, the authorization module iterates through the <allow> and <deny> tags until it finds the first access rule that fits a particular user. It then grants or denies access to a URL resource depending on whether the first access rule found is an <allow> or a <deny> rule. The default authorization rule in the Machine.config file is <allow users="*"/> so, by default, access is allowed unless configured otherwise.
Example
The following example allows access to all members of the Admins role and denies access to all users.
<configuration>
<system.web>
<authorization>
<allow roles="Admins"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
Requirements
Contained Within: <system.web>
Web Platform: IIS 5.0, IIS 5.1, IIS 6.0
Configuration File: Machine.config, Web.config
Configuration Section Handler: System.Web.Configuration.CustomErrorsConfigHandler
See Also
<authorization> Element | ASP.NET Configuration | ASP.NET Settings Schema