Re: Access denied when using active directory groups and windows authentication
From: Patrick.O.Ige (naijacoder_at_hotmail.com)
Date: 11/02/05
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Access denied when using active directory groups and windows authentication"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Access denied when using active directory groups and windows authentication"
- Next in thread: Patrick.O.Ige: "Re: Access denied when using active directory groups and windows authentication"
- Reply: Patrick.O.Ige: "Re: Access denied when using active directory groups and windows authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Nov 2005 16:09:11 +1100
Davis as Joe adviced i think you have to enable impersonation
I have done a simlar solution for a company and i had to use impersonation
unless i am wrong.
I was redirecting users after login in an intranet based Windows Auth to
perform authorisation.
Hope that helps
Patrick
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:uwsclX13FHA.1396@TK2MSFTNGP12.phx.gbl...
> Just out of curiosity, does the group-based authorization work if you
enable
> impersonation?
>
> I've heard of situations where impersonation needed to be enabled in order
> for the SIDs in the user's token to get resolved into friendly names at
> runtime, but I have no idea what causes this. That might be the problem
> though.
>
> It is also possible you are spelling the group name wrong, but hopefully
> that isn't it. :)
>
> Joe K.
>
> "David" <dtoyer@hotmail.com> wrote in message
> news:1130897303.635817.182630@z14g2000cwz.googlegroups.com...
> > Hi, I am trying to configure my app using windows authentication. I
> > would like to limit access to an Active Directory group but do not want
> > to implement impersonation. I've setup the config section as follows:
> >
> > <authentication mode="Windows" />
> > <authorization>
> > <allow roles="domainname\groupname" />
> > <deny users="*" />
> > </authorization>
> > <identity impersonate="false" />
> >
> > I am being prompted for user credentials, however, it is not letting me
> > in with a valid account. If I change the config section to limit to an
> > Active Directory user only, example: <allow users
> > ="domainname\username" />, this setting works just fine. It's very
> > frustrating and I'm hoping I won't need to open a Microsoft Support
> > ticket. Any suggestions are greatly appreciated.
> >
> > David
> >
>
>
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Access denied when using active directory groups and windows authentication"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Access denied when using active directory groups and windows authentication"
- Next in thread: Patrick.O.Ige: "Re: Access denied when using active directory groups and windows authentication"
- Reply: Patrick.O.Ige: "Re: Access denied when using active directory groups and windows authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
