Results 1 to 8 of 8

Thread: Authentication question ...

  1. #1

    Thread Starter
    Member chocoloco's Avatar
    Join Date
    Mar 2006
    Posts
    42

    Authentication question ...

    I have an ASP.net application which uses windows authentication to authenticate people. So in IIS, when you right click on the web and go permissions is where I have added few people in my company who can access the application.

    Now, I have added a new page in the application, which has to be accessed by everyone in the company. Meaning, application still has to do windows authentication but allow everyone access to that one particular page. For other pages in the application, I still want to keep it the way it is.

    any ideas??

  2. #2
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,173

    Re: Authentication question ...

    In IIS, browse down the tree to the page in question. Right click. Properties. File Security. You know what to do now.

  3. #3

    Thread Starter
    Member chocoloco's Avatar
    Join Date
    Mar 2006
    Posts
    42

    Re: Authentication question ...

    Quote Originally Posted by mendhak
    In IIS, browse down the tree to the page in question. Right click. Properties. File Security. You know what to do now.
    No, I don't actually. This page still has to be authenticated using win auth. So anonymous access is out of the question. How do I tell IIS to allow only those 10 users access to every page in the app using Windows Authentication, but for this one page allow everyone access to it using Windows Authentication.

  4. #4

    Thread Starter
    Member chocoloco's Avatar
    Join Date
    Mar 2006
    Posts
    42

    Re: Authentication question ...

    And also, this one page uses user controls (for header etc..) images and stuff. How will that work?

  5. #5
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,173

    Re: Authentication question ...

    I see...

    Well, when you click "permissions" on a directory in IIS, you are setting NTFS permissions. This means that you can go into that file, in windows explorer, right click, security, then put 'everyone' in there. Make sure that you go into advanced and specify that the file should not inherit parent properties.

  6. #6

    Thread Starter
    Member chocoloco's Avatar
    Join Date
    Mar 2006
    Posts
    42

    Re: Authentication question ...

    Quote Originally Posted by mendhak
    I see...

    Well, when you click "permissions" on a directory in IIS, you are setting NTFS permissions. This means that you can go into that file, in windows explorer, right click, security, then put 'everyone' in there. Make sure that you go into advanced and specify that the file should not inherit parent properties.
    What if the page uses other resources in the application, like i mentioned in previous post. Will they work fine?

  7. #7
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,173

    Re: Authentication question ...

    I posted at the same time as you using this new AJAX quick reply so didn't see your post. Hurrah for that, eh?

    How exactly are they browsing to it, using a URL, right? Not a UNC? When the page is requested, that page should then use the ASP.NET worker process to request all the other resources. You will need to try this out but it should work and if it doesn't... it may be that the ASP.NET worker process is running under the security context of the logged in user who doesn't have permission to those resources.

  8. #8

    Thread Starter
    Member chocoloco's Avatar
    Join Date
    Mar 2006
    Posts
    42

    Re: Authentication question ...

    I figured there was no elegant solution to this problem. So I added a little security module in the system which checks if the person logged on has access to the page or not. At least that gives me flexibility in controlling things in future.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width