If you don't want your users to use it, then why is it there?
If you mean that you only want a certain type of user to be able to use it,
then it seems to me that you need role-based authorisation. This is
probably most easily done by using forms authentication. Once you have
obtained the roles (from a database or whatever) for the user, you can use
attributes on your classes and/or methods to determine which types of user
can do what (e.g. you can use attributes to ensure that a user trying to
access the edit functionality is both logged in and a member of the "edit"
role (or whatever you might like to call it)). If they are not
authenticated, a SecurityException will be thrown - which you must make sure
to catch (probably in Global.aspx).
HTH
Peter
"xke" <xk****@gmail.comwrote in message
news:11**********************@64g2000cwx.googlegro ups.com...
Using web.config authorization settings, is it possible to allow my
users to access default.aspx but not default.aspx?action=edit ??
<location path="default.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
Thanks
xke