ASP.NET authorisation allow "*" vs "?"

If I set an all-users authorization rule e.g. <allow users="*"/> does this also allow anonymous users (ie. ones that haven't logged in) to see the resource?

How about vice-versa - if I allow anonymous users with "?" can all logged in users also see it?

Solution

Yes - * means absolutely anybody.
Yes - ? means anonymous users from which all users "inherit".

Difference is mentioned in ASP.NET Authorization article.

Drop down list that allows blank or null to be selected
Setting Base Path using ConfigurationBuilder
DotNetZip (Ionic.Zip.dll) doesn't work with compress Chinese File or Folder name
An exception has been raised that is likely due to a transient failure - connect local PostgreSQL to Docker container
What is proper RegEx expression for SWIFT codes?
Cannot return null from an action method with a return type of 'Microsoft.AspNetCore.Mvc.IActionResult'
How do I get the currently loggedin Windows account from an ASP.NET page?
what URL should Kestrel listen to in a docker container on Azure App Service
WCF MessageContract not binding to classes - MessageContract is Null in endpoint
How do I Create Azure Static Web App with Visual Studio?
Preventing overwriting values one from another of the same application but different windows/tabs with different ID as query string
InvalidCastException: Unable to cast object of type 'System.Linq.OrderedEnumerable to type 'System.Collections.Generic.List
How to transform Model-View-Presenter architecture to WebAPI?
ASP.Net dropdownlist not returning index on selectedindexchanged event
GetProperty("pname") returns null
How to query data with composite partition key in CosmosDb
How to bypass validation for a button in ASP.NET?
How to build a working Nix package from an ASP.NET project?
How to rename a file in C#
C# - Crop Transparent/White space
How to get product name and product description from AssemblyInfo?
AutoMapper custom resolver cannot be used as type parameter
.NET Framework equivalent of IApplicationBuilder.UseForwardedHeaders()
How to prevent a clear data upon clicking new add address using button in ASP.Net Core
Crystal Reports: "Failed to Save Document" after changing Datasource
The 'Access-Control-Allow-Origin' Header Contains Multiple Values. However I Only Have One Value Defined in the Header?
Masking ASP.NET TextBox as password when TextMode is MultiLine
Remove border from alt text if image url is not valid
Cannot publish a blank 64-bit ASP.NET Web API 2 project in Visual Studio 2022
Sample Code: VB getNamedItem XML attribute in Microsoft MSXML.DOMDocument