Re: ASP.NET Authentication

If you are using Windows authentication, it might be easier to just use the
<authorization/> element in the web.config file to specify allow/deny lists
for your application than to resort to file system ACLs. ACLs give you
defense in depth and are a good idea, but the <authorization/> element is
sufficient for what you want.

If you mess with ACLs, remember that the worker process identity still needs
to be able to read the files too.

Joe K.

"Cathleen C via DotNetMonster.com" <u12958@uwe> wrote in message
news:592f05dce3afc@xxxxxx
> I'm now well beyond frustration.
>
> I created an ASP.NET app for our intranet that only certain individuals
> will
> be allowed to access IIS is set up with Windows Integrated Security and
> Anonymous Access turned off. I've made several changes to the web.config
> including <identity impersonate="true" />, <authentication mode="Windows"
> />
> (although it was already there) and a lot of variations in between in an
> attempt to force it to use the security settings placed upon the directory
> in
> Windows Explorer.
>
> I'm part of the admin group of useres on the network and have also added
> my
> individual username with Full Control and everything works. However, as
> soon
> as I remove priveledges for Network Services the page becomes
> inaccessible.
> Sometimes when I give those rights back to Network Services it still won't
> display the page even after clearing my IE files and cache! Just when I
> think I've circled in on the problem, the behavior becomes inconsistent
> and
> then I have to reinstall the application from the .msi.
>
> Also irritating to note is that I have <customErrors mode="Off" /> in web.
> config, but it won't display the detailed error message remotely. I have
> to
> log into the server to see a more enlightening message than "Runtime
> error"
> and then being directed to change the customErrors mode to off to view the
> specific error message. I open the web.config dircetly on the server and
> the mode is off!
>
> Anyway... The detailed error message is "Access denied..... Failed to
> start
> monitoring file changes" blah, blah, blah. The stack trace refers to
> System.
> Web.DirMonCompletion..ctor, .DirectoryMonitor.StartMonitoring, etc. I
> found
> an KB article on the directoyr length and some other nonsense that I tried
> for a similar error with a slightly different stack trace to no avail.
>
> This may not have any bearing on the issue, but this app uses CR .NET so
> I
> had to deploy with the appropriate Merge Modules. I installed with the
> .msi
> but if I make changes to the config file I just copy the project to the
> server. That seems reasonable and hopefully it is.
>
> Can anyone shed some light. It seems like this should be such a simple
> process.
>
> --
> Message posted via DotNetMonster.com
> http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net-security/200512/1


.