Authentication question ...
I have an ASP.net application which uses windows authentication to authenticate people. So in IIS, when you right click on the web and go permissions is where I have added few people in my company who can access the application.
Now, I have added a new page in the application, which has to be accessed by everyone in the company. Meaning, application still has to do windows authentication but allow everyone access to that one particular page. For other pages in the application, I still want to keep it the way it is.
any ideas??
Re: Authentication question ...
In IIS, browse down the tree to the page in question. Right click. Properties. File Security. You know what to do now. :afrog:
Re: Authentication question ...
Quote:
Originally Posted by mendhak
In IIS, browse down the tree to the page in question. Right click. Properties. File Security. You know what to do now. :afrog:
No, I don't actually. This page still has to be authenticated using win auth. So anonymous access is out of the question. How do I tell IIS to allow only those 10 users access to every page in the app using Windows Authentication, but for this one page allow everyone access to it using Windows Authentication.
Re: Authentication question ...
And also, this one page uses user controls (for header etc..) images and stuff. How will that work?
Re: Authentication question ...
I see...
Well, when you click "permissions" on a directory in IIS, you are setting NTFS permissions. This means that you can go into that file, in windows explorer, right click, security, then put 'everyone' in there. Make sure that you go into advanced and specify that the file should not inherit parent properties.
Re: Authentication question ...
Quote:
Originally Posted by mendhak
I see...
Well, when you click "permissions" on a directory in IIS, you are setting NTFS permissions. This means that you can go into that file, in windows explorer, right click, security, then put 'everyone' in there. Make sure that you go into advanced and specify that the file should not inherit parent properties.
What if the page uses other resources in the application, like i mentioned in previous post. Will they work fine?
Re: Authentication question ...
I posted at the same time as you using this new AJAX quick reply so didn't see your post. Hurrah for that, eh?
How exactly are they browsing to it, using a URL, right? Not a UNC? When the page is requested, that page should then use the ASP.NET worker process to request all the other resources. You will need to try this out but it should work and if it doesn't... it may be that the ASP.NET worker process is running under the security context of the logged in user who doesn't have permission to those resources.
Re: Authentication question ...
I figured there was no elegant solution to this problem. So I added a little security module in the system which checks if the person logged on has access to the page or not. At least that gives me flexibility in controlling things in future.