Version 24.2.8965

• Parameters
• Control Attributes
• Examples
• See Also

Use the arc:restrict keyword to restrict access to a service based on users and roles. This restriction takes precedence over any restrictions that you enforce using ASP.NET.

If you add arc:restrict to your script, only the specified users or roles can use the service.

The arc:restrict keyword can control access based on the following:

• The specific user trying to execute the feed.
• Whether the user is a member of a specified security role, where a role maps to the roles defined by the ASP.NET authentication and authorization configuration.

Note: You can have multiple arc:restrict statements in a single script. They are evaluated with the logical OR operator.

Parameters

• user: A comma-separated list of usernames. All users in the list have access to the feed. Note: If you have Windows Integrated Authentication, you must ensure that usernames are domain- or machine-qualified (for example, DOMAIN\username).
• role: A comma-separated list of role names. Any user in at least one of the specified roles has access to the feed.
• authtoken: A comma-separated list of authtokens for users authorized to access the script. You can supply the authtoken in HTTP Basic authentication, the x-arcesb-authtoken header, or the @authtoken in the form-post data. If AllowtokeninURL is set in settings.json, located in the app_data folder, you can also supply @authtoken in the query string.
• visibility: Setting the visibility to local makes the script inaccessible directly from HTTP. However, you can still invoke the script through another script.
• method: A comma-separated list of HTTP methods that the specified user can execute against the feed.

Control Attributes

None

Examples

Grant access only to the tomk and jdoe users:

<arc:restrict user="newton\jdoe,newton\tomk"/>

Grant access only to a user in the FeedConsumers role:

<arc:restrict role="FeedConsumers"/>

See Also

• arc:call: Call scripts, operations, or feeds.