Re: ASP.NET 2.0 WindowsTokenRoleProvider Local Groups Broken
- From: "IfThenElse" <sql_agentman@xxxxxxxxxxx>
- Date: Fri, 12 Oct 2007 12:10:58 -0700
Does this help you out? <deny users="*" /> might be killing <allow
roles="COMPUTER-NAME-HERE\Local PAIS Admins" />
<location path="Admin.aspx">
<system.web>
<authorization>
<deny users="*" />
<allow roles="COMPUTER-NAME-HERE\Local PAIS Admins" />
</authorization>
</system.web>
</location>
"Howard Hoffman" <HowardH@xxxxxxxxxxxxxxxx> wrote in message
news:O2IPx14CIHA.4752@xxxxxxxxxxxxxxxxxxxxxxx
I've an IIS6 ASP.NET 2.0 web site (not a virtual directory, a web-site).
I've configured the web-site (following directions at
http://support.microsoft.com/kb/215383) in the MetaBase to allow NTLM and
Negotiate access, and the site itself is using Integrated Windows
Authentication and allow-anonymous.
I've added an entry to my local HOSTS file, since there is no real
domain-name (yet) for the web-site DNS. So, my urls look like
http://mysite.com/Admin.aspx, where I've an entry in HOSTS for mysite.com
(127.0.0.1). The mysite.com site is in my Local Intranet sites in IE (I
put it there) as http://*.mysite.com.
I have a local group on the server computer (W2K3) named "Local PAIS
Admins". I have added myself to that group, and logged out of Windows and
logged back in (to the local machine -- the same computer that is hosting
the web site).
In web.config, I have a <location> element for the Admin.aspx page:
<location path="Admin.aspx">
<system.web>
<authorization>
<allow roles="COMPUTER-NAME-HERE\Local PAIS Admins" />
<deny users="*" />
</authorization>
</system.web>
</location>
obviously, substituting the actual machine name for COMPUTER-NAME-HERE.
If I run with RoleManager enabled in ASP.NET (<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider"
cacheRolesInCookie="false">), I cannot get access to Admin.aspx, even
though I am in that group. I am prompted 3 times for the my credentials,
and I enter them correctly. Finally, I get the Access is Denied default
error page, with a 401.2 error.
If I run with the RoleManager element commented out, it works, and I can
see the page.
If I add myself to a BUILTIN group (say, Power Users), and change the
above <location> element to allow only that BUILTIN group, with
RoleManager enalbed for the WindowsTokenRoleProvider, it works. Only
BUILTIN groups work though.
I've not ever edited any of the
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG config files.
Can someone explain what is happening? Is this a known ASP.NET
WindowsTokenRoleProvider limitation? Am I doing something wrong?
I've a production deployment going on a similarly configured site, and we
need to use local-machine groups.
Thanks in advance,
Howard Hoffman
.
- References:
- ASP.NET 2.0 WindowsTokenRoleProvider Local Groups Broken
- From: Howard Hoffman
- ASP.NET 2.0 WindowsTokenRoleProvider Local Groups Broken
- Prev by Date: Re: ASP.NET 2.0 WindowsTokenRoleProvider Local Groups Broken
- Next by Date: Re: FormsAuthentication.SignOut() what to do after
- Previous by thread: Re: ASP.NET 2.0 WindowsTokenRoleProvider Local Groups Broken
- Next by thread: Re: ASP.NET 2.0 WindowsTokenRoleProvider Local Groups Broken
- Index(es):
Relevant Pages
|
