.NET Authorization Rules

  • Article

 

Applies To: Windows Server 2012 R2, Windows Server 2012

Use the .NET Authorization Rules page to configure rules for authorizing users to access your websites and applications. You can add Allow or Deny rules, and specify users, roles, or user groups to whom to allow access to your web content.

Related scenarios

In this document

UI Elements for .NET Authorization Rules

The following tables describe the UI elements that are available on the feature page and in the Actions pane.

Feature Page Elements

Element Name

Description

Mode

Lists the type of action enabled by the .NET authorization rule. The value can be either Allow or Deny.

Users

Lists the users who are allowed or denied access to web content as specified by the .NET authorization rule.

Roles

Lists the roles that are allowed or denied access to web content as specified by the .NET authorization rule.

Verbs

Lists the verbs to which the .NET authorization rules are applied.

Entry Type

Lists the entry type for the .NET authorization rule.

Actions Pane Elements

Element Name

Description

Add Allow Rule

Opens the Add Allow Authorization Rule dialog box that lets you configure a rule allowing access to your web content to certain roles, users, or user groups.

Add Deny Rule

Opens the Add Deny Authorization Rule dialog box that lets you configure a rule denying access to your web content to certain roles, users, or user groups.

Edit

Opens the Edit Allow Authorization Rule dialog box or the Edit Deny Authorization Rule dialog box that lets you change the selected .NET authorization rule.

Remove

Removes the selected .NET authorization rule.

Allow or Deny Authorization Rule Dialog Boxes

Use the Add Allow Authorization Rule, Edit Allow Authorization Rule, Add Deny Authorization Rule, and Edit Deny Authorization Rule dialog boxes to add or edit the properties for .NET authorization rules.

For more information, see the .NET Authorization Rules [w8].

Element Name

Description

All users

Select this option to manage access to content for both anonymous and authenticated users.

Note

Be sure to position this rule underneath any rules that grant access to content. If this rule is at the top of the rules list, all users are denied access to content.

All anonymous users

Select this option to manage access to content for users who are not authenticated.

Note

If you use this rule, all users must have a valid user account and password to be able to authenticate.

Specified roles or user groups

Select this option to manage access to content for specific roles or user groups.

Note

If you use this rule, all members of the specified roles and groups must have a valid Basic or Custom user account and password to be able to authenticate.

Specified users

Select this option to manage access to content for a specific user account.

Note

If you use this option, all users must have a valid Basic or Custom user account and password to be able to authenticate.

Apply this rule to specific verbs

Select this option to apply the authorization rule to specific verbs, such as GET or POST.