In my ASP.NET’s Web Config file I have the following location elements defined:
<location path="">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="dir1">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="dir2">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
The example above is specifying that all directories will be locked down to anonymous users except the two directories dir1 and dir2.
I’m curious if there is a syntax that I can use that will allow me to define more than one directory within one location element. For example, it would be convenient if we could do something like this…
<location path="dir1,dir2,etc">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You cannot specify multiple elements in the path attribute, but you can make use of the configSource attribute.
For example, the following original web.config file:
<?xml version="1.0"?>
<configuration>
<location path="form1.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form2.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form3.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form4.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="form5.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="form6.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Can be replaced by the following equivalent web.config, allow.config, and deny.config files:
web.config
<?xml version="1.0"?>
<configuration>
<location path="form1.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form2.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form3.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form4.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
<location path="form5.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
<location path="form6.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
</configuration>
allow.config
<?xml version="1.0"?> <authorization> <allow users="*"/> </authorization>
deny.config
<?xml version="1.0"?> <authorization> <deny users="*"/> </authorization>
The usefulness of this approach increases as the number of allow/deny rules in each section increases.
Method 2
sorry, but path property doesn’t allow to use “,”
so you must write tag for all path,
Or you can create web.config in each directory.
Method 3
it is possible to set path to a specific folder.
For example we have some aspx pages:
- /data/pages/form1.aspx
- /data/pages/form2.aspx
- /data/pages/form3.aspx
By creating this rule in web.config:
<location path="data/pages">
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Frame-Options" />
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
All resources in data/pages will be affected.
Method 4
I had a similar issue. so went with the normal way of creating separate tags, no other BETTER solution.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0