This project is read-only.
1
Vote

Role by Area is allowing anonymous access by url

description

Hy Ryan, before anything, great job with this solution...
I'm very interested on this and I've being testing the solution using the parameters on web.config as shown on documentation... I believe that I've found some issue: I can access the Admin/TopSecret directly if I put the address on the URL like this: http://localhost:14599/Admin/TopSecret.
Look my configuration to deny this access:
  <area name="Admin">
    <controllers>
      <controller name="TopSecret">
        <actions>
          <action name="Index">
            <policies>
              <policy name="MyCustomPolicy" /><!-- IsAuthorized = false -->
            </policies>
          </action>
        </actions>
      </controller>
    </controllers>
  </area>
Could you help me with this please?

Thanks a lot!

comments