Is there a bug in Windows Authentication that I don't know about?
From: Reginald Hopkins (abc@def.com)
Date: 09/21/02
- Next message: David Cross [MS]: "Re: Enterprise Admin password"
- Previous message: Madhavi: "Re: Certificate Server & SP3"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Reginald Hopkins" <abc@def.com> Date: Fri, 20 Sep 2002 16:01:33 -0700
So I'm having trouble with Integrated Windows Authentication. I can't get my
website to allow access to anyone who is not a user on the machine.
Basically the setup is this:
1. Webserver (IIS) is in Domain1
2. IE only clients are in Domain2
3. Domain1 and Domain2 are trusted
4. My website is in ASP.NET
5. In the Webserver machine I've set up a local group that has as a member a
Domain2 group that includes all the users of Domain2
6. In the virtual directory properties of my website, (directory security
tab) I have enabled only the Integrated Windows Authentication.
7. In the Web.config file of my website I'm using the following...
<system.web>
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<allow roles="<local machine name>\<local group name from #5 above>"
/>
<allow roles="<domain of users>\<Domain Users group>" />
</authorization>
</system.web>
8. In the security tab of the properties on the actual folder that the
website files live in I've added the Internet Guest Account, my new group
from #5 above, and all the domain users from both domains. Having added
these accounts I've allowed them each to have Read & Execute access.
In this state, when ever a person from Domain2 goes to my website they get
the logon challenge dialog asking them to log in. When they enter valid
credentials the logon dialog just pops up again (for 3 successive times)
till they are finally denied access. On the other hand, I can go to the
website without the logon dialog and see my site just fine. But then my
account (from Domain2) is an administrator on the machine.
If I add a user from Domain2 to the webserver's Users group on my web server
then suddenly they have access to my website just like I want but they are
not supposed to have access to the machine so this is not really a viable
option for me. When I remove them from the Users group on the machine then
once again they cannot access my site.
What am I missing? I just want to allow access to everyone in the domain but
need them to be authenticated since I use their userid in my code.
I've already scoured the following information to no avail....
http://msdn.microsoft.com/msdnmag/issues/02/04/ASPSec/print.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308160
http://support.microsoft.com/default.aspx?scid=kb;EN-GB;Q168908
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q264921
- Next message: David Cross [MS]: "Re: Enterprise Admin password"
- Previous message: Madhavi: "Re: Certificate Server & SP3"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
