Re: <authentication mode="Windows" /> Question

From: Craig (craig@compete.com.au)
Date: 10/28/02 

From: "Craig" <craig@compete.com.au>
Date: Sun, 27 Oct 2002 15:44:04 -0800

Hi Mike

Thanks for replying. Ok, when I log onto the site my
DOMAIN\UserName appears, when anyone else logs onto the
site DOMAIN\Administrator appears. MACHINE\ASPNET has
permissions to the site virutal directory.

Anonymous access is unchecked for this vsite application.

Craig

>-----Original Message-----
>Hi Craig
>
>Because you are not impersonating, you will not need to
change any of the
>access permissions - all ACL checks will be against the
account the asp.net
>worker process is using.
>
>Is the name of the WindowsIdentity as you expect when
the other user
>connects to your site? You may need to check the IIS
vroot of your
>application's security configuration has the Anonymous
option unchecked.
>
>--
>Mike Shaw
>..NET Developer Group, UK
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>You assume all risk for your use. © 2002 Microsoft
Corporation. All rights
>reserved.
>
>"Craig" <craig@compete.com.au> wrote in message
>news:59de01c27af4$38409280$39ef2ecf@TKMSFTNGXA08...
>Hi Mike
>
>A couple of issues which messed me up a bit. Firstly I
>needed to log off the network to pick up the new group.
>Secondly I needed to be case sensitive which the
>DOMAN\GroupName.
>
>And a realted question, another user is also in the group
>I set up (he has logged off and back onto the network);
>when he connects to my machine to access the web site,
>the IsInRole(DOMAIN\GroupName) returns false.
>
>Do I need to do allow the DOMAIN\GroupName permission to
>the physical web folder?
>
>Craig
>
>>-----Original Message-----
>>Hi Craig
>>
>>It looks like what your are doing is corrrect, but
>sometimes you can get
>>caught out by the syntax of the string for the role you
>are testing for.
>>When you are looking for a domain based group
>membership, you need to use a
>>capitalised identity for the domain name. For example:
>@"MYDOMAIN\mygroup"
>>
>>The text and case have to be identicle since the
>comparisson is done via a
>>hashtable and different cases in the test string will
>result in different
>>hash values.
>>
>>--
>>Mike Shaw
>>..NET Developer Group, UK
>>
>>This posting is provided "AS IS" with no warranties, and
>confers no rights.
>>You assume all risk for your use. © 2002 Microsoft
>Corporation. All rights
>>reserved.
>>
>>"Craig" <craig@compete.com.au> wrote in message
>>news:b41801c27a3a$77dc18c0$35ef2ecf@TKMSFTNGXA11...
>>> Hi
>>>
>>> I have a intranet web app where I need to check the
>role
>>> information of the windows user. I have set up a role
>in
>>> the domain and added me, a domain user to it. When I
>>> execute the IsInRole() method, the return value is
>>> false.
>>>
>>> The intention is to allow all authenicated users to
>>> access the site, users who are in the specified domain
>>> role have access to admin type features of the site.
>>>
>>> Here is my sample code for the page:
>>>
>>> WindowsPrincipal wp = (WindowsPrincipal)
>>> HttpContext.Current.User;
>>> if(wp.IsInRole("myDomainRole")) {
>>> // user in role
>>> }
>>>
>>> ---
>>>
>>> Here is the relevant web.config section:
>>>
>>> <authentication mode="Windows" />
>>> <identity impersonate="false" />
>>>
>>> In machine.config, I have left the processModel as
is -
>>> default.
>>>
>>> ---
>>>
>>> In IIS, I have set the virtual web authentication
>methods
>>> to 'only' Integrate Windows authenication, the other
>>> checkboxes are unchecked.
>>>
>>> I would greatly appreciate any help in configuring
>this,
>>> as I have tired all sorts of ways to make this work.
>>>
>>> Regards
>>>
>>> Craig
>>
>>
>>.
>>
>
>
>.
>

Relevant Pages

  • Re: Windows Server 2003 Auto connect printers;
    ... I removed the NT Authentication but then the user's don't have enough ... then for a normal basic user to login to a TS without having NT ... Isn't some form of admin rights required for a non admin user ... >> You do this by granting only those permissions that are ...
    (microsoft.public.win2000.termserv.apps)
  • Re: You are not authorized to view this page
    ... Download following tool and make sure you have set the permissions and policies correctly as Q812614. ... Authentication and Access Control Diagnostics 1.0: ... This posting is provided "AS IS" with no warranties, and confers no rights. ... the web site has been set to use Anonymous access and Integrated Windows authentication is selected. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Make IIS 5.0 recognize NTFS Permissions??
    ... First of all the logical directory security: ... -> Basic, Digest or Integrated authentication. ... See that the IUSR_xxxx and everyone is cleared from the permissions. ... The rights on the ...
    (microsoft.public.inetserver.iis)
  • RE: HTTP Error 401.5 - Unauthorized: Authorization failed by an ISAPI/CGI application.
    ... I would check the permissions on the content to make sure all users have ... What authentication are you using? ... Microsoft IIS ... This posting is provided "AS IS" with no warranties, and confers no rights. ...
    (microsoft.public.inetserver.iis)
  • Re: Delegation of rights not providing rights to edit GPOs
    ... Just to be clear, to set the permissions on an existing GPO, select the GPO ... Mike Aubert ... This posting is provided "AS IS" with no warranties, and confers no rights. ...
    (microsoft.public.win2000.group_policy)