PrinciplePermission vs web.config
PrinciplePermission is used within the aspx page to define the security principle for that page, while web.config is used to define the security for all files in the site, except there is another web.config within some subdirectory which can override the security specifications defined by the root web.config.
Another thing to remember is: PrinciplePermission can also override web.config if some rules are against to each other. That's useful when you define deny users="?" in web.config but you allow users to access createuser.aspx page to register. Otherwise, you will block all unregistered users from creating their user names.
Another thing to remember is: PrinciplePermission can also override web.config if some rules are against to each other. That's useful when you define deny users="?" in web.config but you allow users to access createuser.aspx page to register. Otherwise, you will block all unregistered users from creating their user names.
Comments