Re: ASP.NET - Windows Authentication Problem

From: Nicole Calinoiu (calinoiu)
Date: 02/02/05

  • Next message: William Stacey [MVP]: "Re: Problems with public key decryption with RSA"
    Date: Wed, 2 Feb 2005 10:56:01 -0500
    
    

    Chuck,

    No, you don't need to use the web.config file to limit access to a subset of
    possible users. However, it would certainly help folks answer your question
    if you were to explain how you are attempting to limit access. " I take the
    Everyone group away from the permissions" could mean a lot of things, one of
    which might be modification of the authorization list in a web.config file.

    My own first guess was that your site is set up to impersonate the client
    user, and you're limiting access via Windows permissions on the files
    themselves. If so, does "taking away" the Everyone group mean removing it
    from the access control list or explicitly denying it permissions to the
    files? If the former, then you'll need to grant access to some group to
    which your desired users belong. If the latter, you'll need to remove the
    denial since it's actively blocking all members of the Everyone group (incl.
    members of admin groups) from acquiring permissions they would otherwise be
    granted.

    HTH,
    Nicole

    "chuckdfoster" <chuckdfoster@hotmail.com> wrote in message
    news:uBSqMxTCFHA.3840@tk2msftngp13.phx.gbl...
    >I actually haven't messed with this part of the web.config file. Do I need
    > to change it if I am going to restrict access to only a certain Active
    > Directory group(SGG_SiteUsers)? Do I have to put the users or the group
    > name in the allow users part?
    >
    > <authorization>
    > <allow users="*"/> <!-- Allow all users -->
    >
    > <!-- <allow users="[comma separated list of users]"
    > roles="[comma separated list of roles]"/>
    > <deny users="[comma separated list of users]"
    > roles="[comma separated list of roles]"/>
    > -->
    > </authorization>
    > "Paul Glavich [MVP ASP.NET]" <glav@aspalliane.com-NOSPAM> wrote in message
    > news:uGAH3RRCFHA.2568@TK2MSFTNGP10.phx.gbl...
    >> I assume you mean the "Everyone" group that you have listed in the
    >> web.config and defined on the machine. Can you provide the
    >> <authorization>
    >> elements that have in your web.config so we can get a better idea of
    >> where
    >> you may have gone wrong.
    >>
    >> --
    >>
    >> - Paul Glavich
    >> ASP.NET MVP
    >> ASPInsider (www.aspinsiders.com)
    >>
    >>
    >> "chuckdfoster" <chuckdfoster@hotmail.com> wrote in message
    >> news:%23nj9POKCFHA.936@TK2MSFTNGP12.phx.gbl...
    >> > I am having a problem with my ASP.NET application and using Windows
    >> > Authentication. It works until I take the "Everyone" group away from
    > the
    >> > permissions. Then it won't let anyone in, including the domain admins
    > or
    >> > local admins. I do not have much knowledge of groups and rights, so
    >> forgive
    >> > me if I don't explain well.
    >> >
    >> > Has anyone else ever seen this problem or know away around it?
    >> >
    >> > Thanks,
    >> > Chuck Foster
    >> > Programmer Analyst
    >> > Eclipsys Corp. - St. Vincent Health System
    >> >
    >> >
    >>
    >>
    >
    >


  • Next message: William Stacey [MVP]: "Re: Problems with public key decryption with RSA"

    Relevant Pages

    • [UNIX] Privilege Escalation Vulnerability on phpBB
      ... permissions), so although admin rights are needed to view the page, anyone ... Goto the board you wish to change the permissions for in the normal way ... Find the base directory location of the board for the script, ... This bulletin is sent to members of the SecuriTeam mailing list. ...
      (Securiteam)
    • RE: Send As permissions getting overwritten
      ... The issue should be caused that the users are members of the 'Domain ... Apply the 'Users' template to the existing power users using the Change ... User Permissions Wizard. ... >I've set up the security auditing as you've specified, ...
      (microsoft.public.windows.server.sbs)
    • Re: Securing IIS IUSER
      ... so that these account are not effectively Users members, ... > I then explicitly granted it read permissions to the wwwroot, ... Before granting IUSER permission to read the files/folder, ... > are any of these permitting IUSER access to files and folders with "Users" ...
      (microsoft.public.windows.server.security)
    • Re: Whatever happened to Site Groups in WSS 3.0?
      ... enormous number of groups at the site collection level. ... certain lists that are read only to team members) while the same individual ... Team Members) then break the inheritance of permissions on certain lists and ...
      (microsoft.public.sharepoint.windowsservices)
    • Re: Problem managing accounts in protected groups
      ... we have two domain admins: ... that someone will give more security permissions to users then to the admins. ... I think you have realized that the account management group is able to reset ... Most members of OU A are either members of Domain ...
      (microsoft.public.windows.server.active_directory)