authorization

[niall29]

Hi

I have a problem which I am sure somebody will think is a very easy question but I am having alot of trouble with it.

 

I have created an intranet site and also a group in my Active directory called "issusers" and have written in my web.config file "allow roles =domain\iisusers" and I have only put 3 people in the list but my site is opening for everybody in the domain.

 

Please can somebody hel pme understand what Im doing wrong.

 

Thanks in advance

[bri189a]

Hi

I have a problem which I am sure somebody will think is a very easy question but I am having alot of trouble with it.

 

I have created an intranet site and also a group in my Active directory called "issusers" and have written in my web.config file "allow roles =domain\iisusers" and I have only put 3 people in the list but my site is opening for everybody in the domain.

 

Please can somebody hel pme understand what Im doing wrong.

 

Thanks in advance

I know it's a silly question, but the most obious, are you using (is it turned on) Windows Authentication? By default your web config file will set the authorization to none

[niall29]

No it's not a silly question but Yes I have it on. So thats not it

[PlausiblyDamp]

Could you post the relevant section of your web.config - also check you don't have

in the config file.

[niall29]

This is part of web.config file:

 

<authorization>

 

<allow roles="Domain\iisusers" />

<deny users ="?" />

 

</authorization>

 

I tried changing the "?" to a "*" but when I do it gives me a log in form which I do not want.

[PlausiblyDamp]

Have you tried removing the part and seeing what happens?

[niall29]

Yes I did remove the " <deny users = "?" " and it didn't help Edited September 20, 2004 by niall29

[Cassio]

Turn on impersonation in the web.config file.

[niall29]

I have impersonation on.

 

Can you also tell me If I put:

 

<allow roles="Domain\iisusers" />

<deny users ="*" />

 

Why does it give me the login in Msgbox

but if I remove the <deny users ="*" /> or change it to <deny users ="?" />

it goes straight to the web page no matter if you are in the iisusers group or not.

[PlausiblyDamp]

If you have them in the order

you are saying allow iisusers in and deny everyone else.

 

If you change it to deny users = "?" you are saying deny anyone who isn't logged in.

 

Either way it is not rejecting users - go with the deny = "*" option.

 

The reason you are getting the login prompt is the server is rejecting your current credentials (correct) so the browser is prompting for alternate ones.

[Cassio]

Did you disable anonymous access in IIS?

[Cassio]

Did you debug the app to see if IIS is passing the appropriate token?

 

This line will give you the current user:

string user = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

[niall29]

Ok

Thanks I have found the problem with your help, So hopefully with your help again I will get a solution.

 

I have impersonation ="true" userName ="Domain\ReportReader" password= "password"

 

I thought it would keep the users ID until the page opened and then impersonate the user "ReportReader" but it takes the ID as soon as it opens hence why it never likes the ID no matter who logs in because ReportReader is not a member of the "IISGroup"

 

Please can you help me to work round this.

[Cassio]

When you define userName and password attributes in the impersonation element you are specifying that it will always use this identity regardless of the identity of the request. If you want to use the real requests identity you should remove these attributes from impersonation.

[niall29]

Thanks.

Now am I right in saying if I want to make a connection to a SQL server to pull a query I would just put the Username and password into the SQL connection string then. Instead of using SSPI because I dont want to give users rights to the Server

[Cassio]

Thats right.

[niall29]

what is wrong with this:

 

Public strConn As String = "Data Source=Igloo;uid=Domain\User;pwd=password;Database=dbName;"

 

Public Conn As New SqlConnection(strConn)

 

every time it fails

[Cassio]

try it:

Data Source=Igloo;Initial Catalog=dbName;User Id=Domain\User;Password=pass

[niall29]

Tried it and still doesnt work. I am pulling my hair out. I cant understand what is wrong.

[niall29]

Ok I dont know if it is always this way but when I used a server user login in stead of a domain/User it works but I still have a problem with the login box coming up when you open the page. Which I dont want.