ASP.NET Web Forms and MVC Bypass Authorization for Single Form or Single Controller using web.config

Posted on by Chandra Oemaryadi

Jika penanganan authorization menggunakan web.config, authorization dapat di by pass untuk form tertentu / controller tertentu.

“Api/File” adalah url untuk memanggil controller (MVC / Web API). “service/FileService.aspx” adalah struktur folder/file ke form.

[code language=”xml”]
<configuration>
<location path="Api/File">
<system.web>
<authorization>
<allow users="?"></allow>
</authorization>
</system.web>
</location>

<location path="service/FileService.aspx">
<system.web>
<authorization>
<allow users="?"></allow>
</authorization>
</system.web>
</location>

<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="YUDHA\Yudha Satria,YUDHA-PC\Yudha Satria" />
<deny users="?" />
</authorization>
</system.web>
</configuration>
[/code]

  0 people found this article useful

Chandra Oemaryadi has written 244 articles

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>