web.config : <authentication>

[cmrchs]

Hi,
I'm having problems with the interpretation of roles in the <authentication> entries in web.config

Scenario :
I'm logging on as 'Administrator' and try to access a site for which the IIS-authentication method is set to 'Integrated Windows' only

Following are the web.config-entries of the site :
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<allow users="MYDOMAIN\Administrator" />
<deny users="*" />
</authorization>

When I access the site it displays :
Authenticated user: MYDOMAIN\Administrator
User was authenticated with: NTLM
Windows identity: MYDOMAIN\Administrator
==> OK

but... the following gives me an "Access Denied"
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<allow roles="MYDOMAIN\Administrators" />
<deny users="*" />
</authorization>

And I double-checked that Administrator is a member of the Administrators-group
I tried with other users-roles and every time I allow only access to roles doesn't I have access ??
How come ?

Any ideas ?
thanks
Chris


**********************************************************************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...

 

[Guest]

Hi,

Try this:

<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<allow roles="Administrators" />
<deny users="*" />
</authorization>

I just removed "MYDOMAIN/".

Saravanan K V

 

[Lau Lei Cheong]

And it seems more logical to me if you use "deny roles" instead of "deny
users" in your case.
Your case may need to pass both "users" and "roles" level of filter before
you can gain access. (It is both logical and useful to check in both case)