What is difference between anonymous user and all users in asp authorization

Blue_Jack
Blue_Jack used Ask the Experts™
on
For asp.net authorization what is the difference between specifying in the config a * for all users or a ? for anonymous users. Is there an example where a  user would get in with the ? and not with the * or are these the same thing?
 
<authorization>
      <allow users="*" />
</authorization>
and
<authorization>
      <allow users="?" />
</authorization>
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Paul JacksonSoftware Engineer
Top Expert 2011

Commented:
The * refers to all users authenticated and unauthenticated, and therefore includes the set of anonymous users. The ? Just refers to anonymous users and is therefore a subset of the users when specifying an *

So no user would get in with ? Who wouldn't get in with *

http://msdn.microsoft.com/en-us/library/aa719554(VS.71).aspx

Author

Commented:
What would be an example of the opposite case? A case where an anonymous gets in where all other users would be blocked?
                           
                                            *                                     ?
Unauthenticated            Allowed                   Allowed (If authenticated you are anonymous)
Authenticated                Allowed                   Allowed  (if authenticated you are no longer anonymous)
Paul JacksonSoftware Engineer
Top Expert 2011

Commented:
<authorization>
      <allow users="?" />
      <deny users="*" />
</authorization>
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

Author

Commented:
The only case I can think of that would meet your condition above would be

An unauthenticated (anonymous) user gets in.
Then an authenticated (not anonymous) user would NOT get in.

And when would you ever want that?
Is my understanding correct?
Software Engineer
Top Expert 2011
Commented:
Yes your understanding is correct.
I can't really think of any instances where someone would want that, unless for some reason you wanted to prevent internal authenticated users from using the website but allow external anonymous users to use it.

Author

Commented:
Thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial