Re: <authentication mode="Windows" /> Question
From: Craig (craig@compete.com.au)
Date: 11/01/02
- Next message: Ed leNoir: "Re: How to use WindowsPrincipal properly??"
- Previous message: Kevin Yu: "Re: How to use WindowsPrincipal properly??"
- In reply to: Mike Shaw [MS]: "Re: <authentication mode="Windows" /> Question"
- Next in thread: Jimco Add-ins: "Re: <authentication mode="Windows" /> Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Craig" <craig@compete.com.au> Date: Thu, 31 Oct 2002 15:26:06 -0800
Hi Mike
The site appears to be working now. I ended up copying
the application to a web server on the network instead of
hosting it from my local development machine.
I still don't know why it showed any user not in the NT
group as DOMAIN\Administrator when a user browsed to my
local machine for the site.
>-----Original Message-----
>Hi Craig
>
>I'm concerned about this as it should be like that! For
testing purposes,
>can I suggest that you turn off Windows Integrated
Authnetication and turn
>on Basic. This will force the dialog to be presented to
the user on the
>remote machine to enter their credentials and you will
be able to determine
>if there is a problem with the application or with
configuration elsewhere.
>
>--
>Mike Shaw
>..NET Developer Group, UK
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>You assume all risk for your use. © 2002 Microsoft
Corporation. All rights
>reserved.
>
>"Craig" <craig@compete.com.au> wrote in message
>news:ff7801c27e12$bbf9da20$2ae2c90a@phx.gbl...
>Hi Mike
>
>Thanks for replying. Ok, when I log onto the site my
>DOMAIN\UserName appears, when anyone else logs onto the
>site DOMAIN\Administrator appears. MACHINE\ASPNET has
>permissions to the site virutal directory.
>
>Anonymous access is unchecked for this vsite application.
>
>Craig
>
>
>
>
>>-----Original Message-----
>>Hi Craig
>>
>>Because you are not impersonating, you will not need to
>change any of the
>>access permissions - all ACL checks will be against the
>account the asp.net
>>worker process is using.
>>
>>Is the name of the WindowsIdentity as you expect when
>the other user
>>connects to your site? You may need to check the IIS
>vroot of your
>>application's security configuration has the Anonymous
>option unchecked.
>>
>>--
>>Mike Shaw
>>..NET Developer Group, UK
>>
>>This posting is provided "AS IS" with no warranties, and
>confers no rights.
>>You assume all risk for your use. © 2002 Microsoft
>Corporation. All rights
>>reserved.
>>
>>"Craig" <craig@compete.com.au> wrote in message
>>news:59de01c27af4$38409280$39ef2ecf@TKMSFTNGXA08...
>>Hi Mike
>>
>>A couple of issues which messed me up a bit. Firstly I
>>needed to log off the network to pick up the new group.
>>Secondly I needed to be case sensitive which the
>>DOMAN\GroupName.
>>
>>And a realted question, another user is also in the
group
>>I set up (he has logged off and back onto the network);
>>when he connects to my machine to access the web site,
>>the IsInRole(DOMAIN\GroupName) returns false.
>>
>>Do I need to do allow the DOMAIN\GroupName permission to
>>the physical web folder?
>>
>>Craig
>>
>>>-----Original Message-----
>>>Hi Craig
>>>
>>>It looks like what your are doing is corrrect, but
>>sometimes you can get
>>>caught out by the syntax of the string for the role you
>>are testing for.
>>>When you are looking for a domain based group
>>membership, you need to use a
>>>capitalised identity for the domain name. For example:
>>@"MYDOMAIN\mygroup"
>>>
>>>The text and case have to be identicle since the
>>comparisson is done via a
>>>hashtable and different cases in the test string will
>>result in different
>>>hash values.
>>>
>>>--
>>>Mike Shaw
>>>..NET Developer Group, UK
>>>
>>>This posting is provided "AS IS" with no warranties,
and
>>confers no rights.
>>>You assume all risk for your use. © 2002 Microsoft
>>Corporation. All rights
>>>reserved.
>>>
>>>"Craig" <craig@compete.com.au> wrote in message
>>>news:b41801c27a3a$77dc18c0$35ef2ecf@TKMSFTNGXA11...
>>>> Hi
>>>>
>>>> I have a intranet web app where I need to check the
>>role
>>>> information of the windows user. I have set up a
role
>>in
>>>> the domain and added me, a domain user to it. When I
>>>> execute the IsInRole() method, the return value is
>>>> false.
>>>>
>>>> The intention is to allow all authenicated users to
>>>> access the site, users who are in the specified
domain
>>>> role have access to admin type features of the site.
>>>>
>>>> Here is my sample code for the page:
>>>>
>>>> WindowsPrincipal wp = (WindowsPrincipal)
>>>> HttpContext.Current.User;
>>>> if(wp.IsInRole("myDomainRole")) {
>>>> // user in role
>>>> }
>>>>
>>>> ---
>>>>
>>>> Here is the relevant web.config section:
>>>>
>>>> <authentication mode="Windows" />
>>>> <identity impersonate="false" />
>>>>
>>>> In machine.config, I have left the processModel as
>is -
>>>> default.
>>>>
>>>> ---
>>>>
>>>> In IIS, I have set the virtual web authentication
>>methods
>>>> to 'only' Integrate Windows authenication, the other
>>>> checkboxes are unchecked.
>>>>
>>>> I would greatly appreciate any help in configuring
>>this,
>>>> as I have tired all sorts of ways to make this work.
>>>>
>>>> Regards
>>>>
>>>> Craig
>>>
>>>
>>>.
>>>
>>
>>
>>.
>>
>
>
>.
>
- Next message: Ed leNoir: "Re: How to use WindowsPrincipal properly??"
- Previous message: Kevin Yu: "Re: How to use WindowsPrincipal properly??"
- In reply to: Mike Shaw [MS]: "Re: <authentication mode="Windows" /> Question"
- Next in thread: Jimco Add-ins: "Re: <authentication mode="Windows" /> Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
