Re: ASP.NET - Windows Authentication Problem

From: Nicole Calinoiu (calinoiu)
Date: 02/02/05

  • Next message: William Stacey [MVP]: "Re: Problems with public key decryption with RSA"
    Date: Wed, 2 Feb 2005 10:56:01 -0500
    
    

    Chuck,

    No, you don't need to use the web.config file to limit access to a subset of
    possible users. However, it would certainly help folks answer your question
    if you were to explain how you are attempting to limit access. " I take the
    Everyone group away from the permissions" could mean a lot of things, one of
    which might be modification of the authorization list in a web.config file.

    My own first guess was that your site is set up to impersonate the client
    user, and you're limiting access via Windows permissions on the files
    themselves. If so, does "taking away" the Everyone group mean removing it
    from the access control list or explicitly denying it permissions to the
    files? If the former, then you'll need to grant access to some group to
    which your desired users belong. If the latter, you'll need to remove the
    denial since it's actively blocking all members of the Everyone group (incl.
    members of admin groups) from acquiring permissions they would otherwise be
    granted.

    HTH,
    Nicole

    "chuckdfoster" <chuckdfoster@hotmail.com> wrote in message
    news:uBSqMxTCFHA.3840@tk2msftngp13.phx.gbl...
    >I actually haven't messed with this part of the web.config file. Do I need
    > to change it if I am going to restrict access to only a certain Active
    > Directory group(SGG_SiteUsers)? Do I have to put the users or the group
    > name in the allow users part?
    >
    > <authorization>
    > <allow users="*"/> <!-- Allow all users -->
    >
    > <!-- <allow users="[comma separated list of users]"
    > roles="[comma separated list of roles]"/>
    > <deny users="[comma separated list of users]"
    > roles="[comma separated list of roles]"/>
    > -->
    > </authorization>
    > "Paul Glavich [MVP ASP.NET]" <glav@aspalliane.com-NOSPAM> wrote in message
    > news:uGAH3RRCFHA.2568@TK2MSFTNGP10.phx.gbl...
    >> I assume you mean the "Everyone" group that you have listed in the
    >> web.config and defined on the machine. Can you provide the
    >> <authorization>
    >> elements that have in your web.config so we can get a better idea of
    >> where
    >> you may have gone wrong.
    >>
    >> --
    >>
    >> - Paul Glavich
    >> ASP.NET MVP
    >> ASPInsider (www.aspinsiders.com)
    >>
    >>
    >> "chuckdfoster" <chuckdfoster@hotmail.com> wrote in message
    >> news:%23nj9POKCFHA.936@TK2MSFTNGP12.phx.gbl...
    >> > I am having a problem with my ASP.NET application and using Windows
    >> > Authentication. It works until I take the "Everyone" group away from
    > the
    >> > permissions. Then it won't let anyone in, including the domain admins
    > or
    >> > local admins. I do not have much knowledge of groups and rights, so
    >> forgive
    >> > me if I don't explain well.
    >> >
    >> > Has anyone else ever seen this problem or know away around it?
    >> >
    >> > Thanks,
    >> > Chuck Foster
    >> > Programmer Analyst
    >> > Eclipsys Corp. - St. Vincent Health System
    >> >
    >> >
    >>
    >>
    >
    >


  • Next message: William Stacey [MVP]: "Re: Problems with public key decryption with RSA"