Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Problem using Windows authentication

Posted on 2003-12-04
4
Medium Priority
?
580 Views
Last Modified: 2012-05-05
I am working on security for our Intranet site(local) and I would like to use Windows Authentication.   Specifically I want to define roles for different pages on the site(IT,Finance,Police Department, Etc..).   I would then put our employees Windows accounts in different roles and check against that in code to see if they have permission to see a page.  

I have my authentication mode set to Windows and anonymous logon turned off in IIS.  I can use the line of code (User.Identity.Name) to see any users Windows account name that hits the site from a computer they logged into.  

I am having trouble with the line (User.IsInRole()). It returns true when I use "Everyone" but I have tried administrator(s), a group I know I belong to, and that returns false. I then created a new Windows user group, put myself in it, and it still returned false.  

I think that I am not creating roles in the right place. Any ideas you have on the subject would greatly be appreciated.
0
Comment
Question by:JeffDrummond
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 500 total points
ID: 9877957


Can't you group the content by directory and use group permissions on the directories?

Did you try BUILTIN\\Administrators (with a capital A)?
and machinename-or-domainneame\\Finance ? etc.

(IsInRole is case sensitive)

0
 
LVL 9

Accepted Solution

by:
TooKoolKris earned 500 total points
ID: 9878741
See if this helps at all:

Specify how HTTP user authentication is handled. To allow anonymous logons, set his value to &H30000. To allow automatic logon only in the Intranet zone, set this value to &H20000. To automatically logon using the current user name and password, set this value to 0. To prompt for a user name and password, set this value to &H10000. Just take the code and paste it into a .vbs file.

Script for carrying out this task :

HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
objReg.CreateKey HKEY_CURRENT_USER, strKeyPath
ValueName = "1A00"
dwValue = 0
objReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, ValueName, dwValue

Script for retrieving the current task setting:

On Error Resume Next
HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ValueName = "1A00"
objReg.GetDWORDValue HKEY_CURRENT_USER, strKeyPath, ValueName, dwValue
If IsNull(strValue) Then
    Wscript.Echo "Specify how HTTP user authentication is handled (Zone 3):  The value is either Null or could not be found in the registry."
Else
    Wscript.Echo "Specify how HTTP user authentication is handled (Zone 3): ", dwValue
End If
0
 

Author Comment

by:JeffDrummond
ID: 9927989
I got my answer elsewhere.  Thanks.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9928511
can you elaborate on the fix?
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question