Specify more than one directory in Web.Config's Location Path element

You cannot specify multiple elements in the path attribute, but you can make use of the configSource attribute.

For example, the following original web.config file:

<?xml version="1.0"?>
<configuration>
  <location path="form1.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="form2.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="form3.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="form4.aspx">
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="form5.aspx">
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="form6.aspx">
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

Can be replaced by the following equivalent web.config, allow.config, and deny.config files:

web.config

<?xml version="1.0"?>
<configuration>
  <location path="form1.aspx">
    <system.web>
      <authorization configSource="allow.config" />
    </system.web>
  </location>
  <location path="form2.aspx">
    <system.web>
      <authorization configSource="allow.config" />
    </system.web>
  </location>
  <location path="form3.aspx">
    <system.web>
      <authorization configSource="allow.config" />
    </system.web>
  </location>
  <location path="form4.aspx">
    <system.web>
      <authorization configSource="deny.config" />
    </system.web>
  </location>
  <location path="form5.aspx">
    <system.web>
      <authorization configSource="deny.config" />
    </system.web>
  </location>
  <location path="form6.aspx">
    <system.web>
      <authorization configSource="deny.config" />
    </system.web>
  </location>
</configuration>

allow.config

<?xml version="1.0"?>
<authorization>
  <allow users="*"/>
</authorization>

deny.config

<?xml version="1.0"?>
<authorization>
  <deny users="*"/>
</authorization>

The usefulness of this approach increases as the number of allow/deny rules in each section increases.


sorry, but path property doesn't allow to use "," so you must write tag for all path, Or you can create web.config in each directory.