Windows authorization problem

From: Marc Thompson ("Marc)
Date: 03/10/04 

Date: Wed, 10 Mar 2004 16:56:10 -0500

Hi there!

Here is the situation, I have a Web app currently running on a W2k3 server
machine. Note: this machine isn't the DC. I am using the following in my
web.config file:

<identity impersonate="false" />

<authentication mode="Windows" />

<authorization>

  <deny users="?"/>

  <allow users="MyDomain.local\Jimmy"/>

  <deny users="*"/>

</authorization>

The good news is, this works just how I want it to on this machine. Only
"Jimmy" is authorized to view this application, no impersonation, everyone
else (authenticated or not) isn't authorized and thus can't view this app.

Now, when I put this Web App on the Domain Controller (W2k3 server) I get
can't get authorized. When I try to authenticate as "Jimmy" I get:

Error message 401.2.: You do not have permission to view this directory or
page using the credentials you supplied

if I change my web.config to:

<authorization>

  <deny users="?"/>

</authorization>

Then "Jimmy" is successfully authorized to view the app but, so is everyone
else on my domain. (Not acceptable)

Any help would be greatly appreciated. Both IIS servers have been set up the
same exact way it just seems like the DC Machine isn't liking the
<allow users="MyDomain.local\Jimmy"/>line. Any help would be much
appreciated!!!!!!

Relevant Pages

  • Re: Windows authorization problem
    ... The DC's IIS was using pointing to a UNC for its content. ... I have a Web app currently running on a W2k3 server ... when I put this Web App on the Domain Controller I get ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: RSOP Access denied at 1 of 5 DCs
    ... First check the logs using Event Viewer to see if any general problems are ... Firewall is enabled on the problem domain controller. ... After rejoinig the W2K3 Server to the domain ... > The only thing that is wrong is if I try to run an RSOP at the GPMC ...
    (microsoft.public.windows.group_policy)
  • Re: Going from 2000 SBS domain to w2k3 server domain
    ... > We have SBS 2000 and W2k3 server. ... We are not using Exchange, SQL or ISa on SBS 2000, it is used only ... Add new w2k3 srever into domain and promote it to domain controller ... > Is my thinking correct? ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Please Help Major Problem Domain Controller offline for over 60 da
    ... Promote the w2k3 server again to a DC (make sure the old metadata has been ... > domain controller, the windows 2003 domain controller was brough down by ... > controller nothing work users cant login and other issues. ...
    (microsoft.public.windows.server.active_directory)
  • Re: HELP! Really strange problem w/AD and LDAP/LDIFDE
    ... On the 2nd part of my post, re. my "original" problem, I *think* that the problem may be that we were calling the LDAPJDK authenticate() method using a username of the form user@xxxxxxxxxxxxx I think that the admin username in the authenticateshould be a "full DN" style username. ... In other words, if the password was "Foobar123", and my password reset webapp changes the password to "Foobar456", I can bind using ldifde using either of those two passwords, even after rebooting the AD machine!! ... However, when I try to login to the AD machine as "test1", I can only login using the "correct" password, as set by my password web app. ... The original problem that I ran into today was that in this one environment, the authenticateusing the admin username/password is failing with an "invalid_credential" error, even though we KNOW that the admin username and password are valid. ...
    (microsoft.public.windows.server.active_directory)