|
-
Aug 11th, 2006, 12:02 PM
#1
Thread Starter
Frenzied Member
[2005] Active Directory and web.config
ok in my web.config file i have
Code:
<authorization>
<allow roles="MyDomain\QuoteManagerSalesReps" />
</authorization>
in the active directory i have a group call QuoteManagerSalesReps... but i'm still getting access denied... what am i doing wrong...
PS. this is the first time i've done a intranet app with windows authentication
-
Aug 11th, 2006, 02:49 PM
#2
Re: [2005] Active Directory and web.config
There are also 2 wildcard values to be aware of:
* = All users
? = Anonymous (unauthenticated) users
So you'll want to deny the other users apart from your domain group by choosing:
<authorization>
<allow roles="MyDomain\QuoteManagerSalesReps" />
<deny users="*" />
</authorization>
In IIS you can enable integrated windows authentication to pickup (or prompt for) a domain logon when someone navigates to your web application which you might want to use also:
- Click Start > Run, entering inetmgr and hit enter.
- Right clicking your virtual directory/website name & choose properties.
- Choose the Directory Security/File Security tab I believe it is, then select the top button to configure who can view this website.
- You'll want to select the "Integrated Windows Authentication" option only.
- Click Ok and close IIS. Open the web.config file and change the authentication line to <authentication mode="Windows">
Last edited by alex_read; Aug 11th, 2006 at 02:52 PM.
-
Aug 11th, 2006, 02:55 PM
#3
Thread Starter
Frenzied Member
Re: [2005] Active Directory and web.config
this is what i have but it still gives me an access denied
Code:
<authorization>
<deny users="?" />
<allow roles="MyDomanName\QuoteManagerSalesReps" />
<deny users="*" />
</authorization>
-
Aug 11th, 2006, 02:58 PM
#4
Thread Starter
Frenzied Member
Re: [2005] Active Directory and web.config
the only way it work is if i use a builtin account or my username for users attribute
-
Aug 11th, 2006, 03:02 PM
#5
Re: [2005] Active Directory and web.config
Have you altered your IIS settings also as above, or added a login form at all? You will need some way of specifying your user credentials (i.e your domain name so the framework can look your specified account up and check whether you are in the QuoteManagerSalesReps role).
-
Aug 11th, 2006, 03:07 PM
#6
Thread Starter
Frenzied Member
Re: [2005] Active Directory and web.config
yup the only thing that's checked is the Integrated Windows Authentication
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|