I want to learn that which way is safer to deny page access.I know one of them for folder access.I don't need folders.
1. way
<location path="xfile">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
or 2. way
protected void Page_Load(object sender, EventArgs e)
{
if (!this.Page.User.Identity.IsAuthenticated)
{
Response.Redirect("/Login");
}
else
{
if (User.IsInRole("admin"))
{
// my action
}
else
{
Response.Redirect("/");
}
}
}
Have to I use folders for security? OR 2. way is unsafe ?
<location path="myPage.aspx">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Check this link: https://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config