Web.config authorization rules: Any point in having user set to "*" if
there are specific roles set?
I am cleaning up some web config files and I came across something that
doesn't make sense to me.
There are Location nodes that have both specific roles and all users set
for the allow property. Like so:
<location path="[SOME PATH]">
<system.web>
<allow roles="Admin, SuperUser" users="*" />
</system.web>
</location>
Is there any point in setting specific roles if all users are allowed
(signified by the *)? Does the fact that this exists: users="*" negate
this being set: roles="Admin, SuperUser"?
No comments:
Post a Comment