Chapter 15. Authorization: Control Who Is Accessing Your Site

By Kevin Price

IN THIS CHAPTER

• File and Directory Access Control Lists (ACLs)

• Using URL Authorization to Allow or Limit Access

• Using Programmatic Authorization to Determine Who Is Attempting to Access Your Site

Of the many features of ASP.NET are new objects that have been created to help simplify common Internet programming tasks , such as authorizing users attempting to access a resource on your Web site. Now that a firm representation of authentication has been presented, it is time to present what to do when users' accounts have been authenticated ”they can now be authorized or at least they can learn what they are authorized to do. Authorization is not limited to determining who can access what code, it also includes managing who can access your site at all. This chapter shows techniques useful in ASP.NET applications to control who is accessing your site. ASP.NET applications can use many different sources for information regarding authorization. Some of the more commonly used sources are as follows :

• Windows Access Control Lists (ACLs)

• Web Server Permissions (IIS)

• URL Authorization (discussed later in this chapter)

• .NET Principal Objects (see Chapter 14, "Authentication: Know Who Is Accessing Your Site")

• Roles and Method Level security (discussed in Chapter 14 and later in this chapter)

• Using IIS enforcement on File and Directory Access Control Lists

• Discovering what URL Authorization can do

• Programmatically authorizing a user