Re: <authentication mode="Windows" /> Question

From: Mike Shaw [MS] (mikeshaw@online.microsoft.com)
Date: 10/30/02 

From: "Mike Shaw [MS]" <mikeshaw@online.microsoft.com>
Date: Wed, 30 Oct 2002 11:13:08 -0000

Hi Craig

I'm concerned about this as it should be like that! For testing purposes,
can I suggest that you turn off Windows Integrated Authnetication and turn
on Basic. This will force the dialog to be presented to the user on the
remote machine to enter their credentials and you will be able to determine
if there is a problem with the application or with configuration elsewhere. 

--
Mike Shaw
.NET Developer Group, UK
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2002 Microsoft Corporation. All rights
reserved.
"Craig" <craig@compete.com.au> wrote in message
news:ff7801c27e12$bbf9da20$2ae2c90a@phx.gbl...
Hi Mike
Thanks for replying.  Ok, when I log onto the site my
DOMAIN\UserName appears, when anyone else logs onto the
site DOMAIN\Administrator appears.  MACHINE\ASPNET has
permissions to the site virutal directory.
Anonymous access is unchecked for this vsite application.
Craig
>-----Original Message-----
>Hi Craig
>
>Because you are not impersonating, you will not need to
change any of the
>access permissions - all ACL checks will be against the
account the asp.net
>worker process is using.
>
>Is the name of the WindowsIdentity as you expect when
the other user
>connects to your site?  You may need to check the IIS
vroot of your
>application's security configuration has the Anonymous
option unchecked.
>
>--
>Mike Shaw
>..NET Developer Group, UK
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>You assume all risk for your use. © 2002 Microsoft
Corporation. All rights
>reserved.
>
>"Craig" <craig@compete.com.au> wrote in message
>news:59de01c27af4$38409280$39ef2ecf@TKMSFTNGXA08...
>Hi Mike
>
>A couple of issues which messed me up a bit.  Firstly I
>needed to log off the network to pick up the new group.
>Secondly I needed to be case sensitive which the
>DOMAN\GroupName.
>
>And a realted question, another user is also in the group
>I set up (he has logged off and back onto the network);
>when he connects to my machine to access the web site,
>the IsInRole(DOMAIN\GroupName) returns false.
>
>Do I need to do allow the DOMAIN\GroupName permission to
>the physical web folder?
>
>Craig
>
>>-----Original Message-----
>>Hi Craig
>>
>>It looks like what your are doing is corrrect, but
>sometimes you can get
>>caught out by the syntax of the string for the role you
>are testing for.
>>When you are looking for a domain based group
>membership, you need to use a
>>capitalised identity for the domain name.  For example:
>@"MYDOMAIN\mygroup"
>>
>>The text and case have to be identicle since the
>comparisson is done via a
>>hashtable and different cases in the test string will
>result in different
>>hash values.
>>
>>--
>>Mike Shaw
>>..NET Developer Group, UK
>>
>>This posting is provided "AS IS" with no warranties, and
>confers no rights.
>>You assume all risk for your use. © 2002 Microsoft
>Corporation. All rights
>>reserved.
>>
>>"Craig" <craig@compete.com.au> wrote in message
>>news:b41801c27a3a$77dc18c0$35ef2ecf@TKMSFTNGXA11...
>>> Hi
>>>
>>> I have a intranet web app where I need to check the
>role
>>> information of the windows user.  I have set up a role
>in
>>> the domain and added me, a domain user to it.  When I
>>> execute the IsInRole() method, the return value is
>>> false.
>>>
>>> The intention is to allow all authenicated users to
>>> access the site, users who are in the specified domain
>>> role have access to admin type features of the site.
>>>
>>> Here is my sample code for the page:
>>>
>>> WindowsPrincipal wp = (WindowsPrincipal)
>>> HttpContext.Current.User;
>>> if(wp.IsInRole("myDomainRole")) {
>>>   // user in role
>>> }
>>>
>>> ---
>>>
>>> Here is the relevant web.config section:
>>>
>>> <authentication mode="Windows" />
>>> <identity impersonate="false" />
>>>
>>> In machine.config, I have left the processModel as
is -
>>> default.
>>>
>>> ---
>>>
>>> In IIS, I have set the virtual web authentication
>methods
>>> to 'only' Integrate Windows authenication, the other
>>> checkboxes are unchecked.
>>>
>>> I would greatly appreciate any help in configuring
>this,
>>> as I have tired all sorts of ways to make this work.
>>>
>>> Regards
>>>
>>> Craig
>>
>>
>>.
>>
>
>
>.
>

Relevant Pages

  • Re: <authentication mode="Windows" /> Question
    ... access permissions - all ACL checks will be against the account the asp.net ... This posting is provided "AS IS" with no warranties, and confers no rights. ... >Hi Craig ... >> information of the windows user. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Please can you help
    ... Thank you Craig for all your help I will do allyou say now much appriated ... > Please make sure you anti-virus software is working ok ... > - Defrag the Windows Registry file. ... >>error messages al lthe time and everytime we turn on the ...
    (microsoft.public.windowsxp.general)
  • Re: <authentication mode="Windows" /> Question
    ... Hi Craig ... caught out by the syntax of the string for the role you are testing for. ... > information of the windows user. ... I have set the virtual web authentication methods ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Drawing a line with a bevel ot sunken effect
    ... Hi Bob ... Craig ... > Find great Windows Forms articles in Windows Forms Tips and Tricks ...
    (microsoft.public.dotnet.framework.drawing)
  • Re: So leaky that a $4 billion industry was built to protect it
    ... a richer data interpreter, e.g. Wordpad ... release on Windows then, and ever since. ... To do any real damage to the operating system as ... with their rights) have the right to alter their own data. ...
    (microsoft.public.windowsxp.general)