ASP.Net Authorization, Authorization in ASP.Net 2.0

After your application has authenticated users, you can proceed to authorize their access to resources. But there is a question to answer first: Just who is the user to whom your are grating access?

<authorization>
<allow .../>
<deny .../>
</authorization>

allow : Adds to the mapping of authorization rules an authorization rule that allows access to a resource.

deny : Adds to the mapping of authorization rules an authorization rule that denies access to a resource.

Configurable locations

• Machine.config
• Root-level Web.config
• Application-level Web.config
• Virtual or physical directory–level Web.config