OdeToCode IC Logo

What's Wrong With This Code? (#7)

Tuesday, October 10, 2006

This time, Joe Developer is building a web application for the company intranet. Most of the site is available to anonymous users, but one directory - the adminPages directory, should only be accessible to users in the machine's local administrators group. Joe added the following to the bottom of his web.config, and is feeling pretty secure.

<configuration>
  <location path="adminPages">
    <system.web>
      <authorization>
        <allow roles="BUILTIN\Administrators" />
        <deny users="?" />
      </authorization>
    </system.web>
  </location>  
</configuration>

Should Joe be worried?

All My Pluralsight Courses Pluralsight

K.Scott Allen OdeToCode by K. Scott Allen
RSS Subscribe
Follow Me Twitter
Search Search
About About
Learn C# Fundamentals Learn C#
Learn Web Development with ASP.NET Core Learn ASP.NET Core
Learn Azure Learn Azure