I have just finished building a web application but am stumped on one bit of code. Bascially I need to modify the <authorization> section of the web.config file via my .aspx page. My current C# code is below and does work in adding a user, however it adds it below the <deny users="*"> line which therefore still blocks the user from logging on.

Question 1: When I add a new user via my C# code how can I make sure it is placed above <deny users="*"> line?

Question 2: I have also placed a remove button on my page that I’d like to be able to read the <allow users=” ”> lines and based on what I type in a textbox and remove that user

Question 3: Alternatively I would love to have a dropdown list populated with a list of the allowed users read from the <allow users=” “> section and then be able to just select a user and click the remove button. Is this possible?

Please let me know if this belongs in the C# section


Default.aspx.cs Code:

protected void btnWrite_Click(object sender, EventArgs e)

        System.Configuration.Configuration configuration = WebConfigurationManager.OpenWebConfiguration("~");
        AuthorizationSection authorization = (AuthorizationSection)configuration.GetSection("system.web/authorization");
        AuthorizationRule accessRule = new AuthorizationRule(AuthorizationRuleAction.Allow);

hello brenton_77, first you've posted in the ASP category, this is an ASP.NET related thread.

In any event, can you post the relevant section of the web.config file to have a look?

Sorry about that, is it easy to re-post it under the ASP.NET section? Please see web.config section of code below


  <authentication mode="Forms">
        <forms name=".ASPNET" loginUrl="login.aspx" defaultUrl="Default/default.aspx" />

          <allow users="david" />
          <allow users="bill" />
          <deny users="*" />
          <allow users="john" />

Was anyone able to offer an assistance with this problem I'm experiencing?


Use ".Set" not "Add"

authorization.Rules.Set(0, accessRule);