This problem is really mysterious.
I have my app (asp.net) running on windows2003 server (sp1) with IIS6.0
I have disabled anonymous access for the virtual folder in IIS.
I have the following sections in my web.config as:
************************
<identity impersonate = "true"></identity>
and
<authorization>
<deny users="?" />
<!--
<allow users="*" /> --><!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
and finally
<authentication mode="Windows" />
*************
I am expecting my app to ask for user credentials as soon as they type
"http://myServer/myApp" in the browser. But that's not happening, means, the home page of my app is not asking for any kind of credentials and is showing the page to the user. (either from the same domain or from diff domain) ...
Further more, I have one asp.net button on the page and that's coming as disabled for those users, even though I haven't coded a single line to disable the button in any case. If the user logins in the user computer as "serverDomain\adminUser"...then only the button is enabled.....
I am lost...please help me to find out what's happening....
thanks a lot in advance....
Reply With Quote