As long as you do not have an allow rule higher up, it will automatically
deny all roles that are not allowed. If you have a generic rule higher that
allows access, then you do have to explicitly deny. You can deny generically
for roles ... but you can for users. Thus, this is valid:
<location path="Protected.aspx">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
*************************************************
Think outside of the box!
*************************************************
"Markus Palme" <Ma*********@googlemail.comwrote in message
news:11**********************@h48g2000cwc.googlegr oups.com...
Hi NG!
Is it possible to deny access to a (logged in) user that is not in any
role? Placeholders like <deny roles="?"/don't seem to be possible.
Regards
Markus
<location path="Protected.aspx">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny roles="Staff"/>
</authorization>
</system.web>
</location>