Locked down account details area from OAuth clients.

author: Andrew Arnott <andrewarnott@gmail.com> 2010-01-01 19:13:51 -0800
committer: Andrew Arnott <andrewarnott@gmail.com> 2010-01-01 19:13:51 -0800
commit: c0c1cfa4072375d0a3a75716144322084ab3b8cc (patch)
tree: b81ad63ff6fdf074e590289304b5a2759c49181b
parent: 7da13004ce4877e530646b3e4c739c9e1c64cb83 (diff)
download: DotNetOpenAuth-c0c1cfa4072375d0a3a75716144322084ab3b8cc.zip
DotNetOpenAuth-c0c1cfa4072375d0a3a75716144322084ab3b8cc.tar.gz
DotNetOpenAuth-c0c1cfa4072375d0a3a75716144322084ab3b8cc.tar.bz2
1 files changed, 10 insertions, 1 deletions
diff --git a/projecttemplates/MvcRelyingParty/Web.config b/projecttemplates/MvcRelyingParty/Web.config
index da17c5a..0298af0 100644
--- a/projecttemplates/MvcRelyingParty/Web.config
+++ b/projecttemplates/MvcRelyingParty/Web.config
@@ -296,4 +296,13 @@
 			</service>-->
 		</services>
 	</system.serviceModel>
-</configuration>
-\ No newline at end of file
+
+	<!-- Protect certain user pages from delegated (OAuth) clients. -->
+	<location path="Account">
+		<system.web>
+			<authorization>
+				<deny roles="delegated"/>
+			</authorization>
+		</system.web>
+	</location>
+</configuration>
author	Andrew Arnott <andrewarnott@gmail.com>	2010-01-01 19:13:51 -0800
committer	Andrew Arnott <andrewarnott@gmail.com>	2010-01-01 19:13:51 -0800
commit	c0c1cfa4072375d0a3a75716144322084ab3b8cc (patch)
tree	b81ad63ff6fdf074e590289304b5a2759c49181b
parent	7da13004ce4877e530646b3e4c739c9e1c64cb83 (diff)
download	DotNetOpenAuth-c0c1cfa4072375d0a3a75716144322084ab3b8cc.zip DotNetOpenAuth-c0c1cfa4072375d0a3a75716144322084ab3b8cc.tar.gz DotNetOpenAuth-c0c1cfa4072375d0a3a75716144322084ab3b8cc.tar.bz2