Solved

Problem using Windows authentication

Posted on 2003-12-04
4
579 Views
Last Modified: 2012-05-05
I am working on security for our Intranet site(local) and I would like to use Windows Authentication.   Specifically I want to define roles for different pages on the site(IT,Finance,Police Department, Etc..).   I would then put our employees Windows accounts in different roles and check against that in code to see if they have permission to see a page.  

I have my authentication mode set to Windows and anonymous logon turned off in IIS.  I can use the line of code (User.Identity.Name) to see any users Windows account name that hits the site from a computer they logged into.  

I am having trouble with the line (User.IsInRole()). It returns true when I use "Everyone" but I have tried administrator(s), a group I know I belong to, and that returns false. I then created a new Windows user group, put myself in it, and it still returned false.  

I think that I am not creating roles in the right place. Any ideas you have on the subject would greatly be appreciated.
0
Comment
Question by:JeffDrummond
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 125 total points
ID: 9877957


Can't you group the content by directory and use group permissions on the directories?

Did you try BUILTIN\\Administrators (with a capital A)?
and machinename-or-domainneame\\Finance ? etc.

(IsInRole is case sensitive)

0
 
LVL 9

Accepted Solution

by:
TooKoolKris earned 125 total points
ID: 9878741
See if this helps at all:

Specify how HTTP user authentication is handled. To allow anonymous logons, set his value to &H30000. To allow automatic logon only in the Intranet zone, set this value to &H20000. To automatically logon using the current user name and password, set this value to 0. To prompt for a user name and password, set this value to &H10000. Just take the code and paste it into a .vbs file.

Script for carrying out this task :

HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
objReg.CreateKey HKEY_CURRENT_USER, strKeyPath
ValueName = "1A00"
dwValue = 0
objReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, ValueName, dwValue

Script for retrieving the current task setting:

On Error Resume Next
HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ValueName = "1A00"
objReg.GetDWORDValue HKEY_CURRENT_USER, strKeyPath, ValueName, dwValue
If IsNull(strValue) Then
    Wscript.Echo "Specify how HTTP user authentication is handled (Zone 3):  The value is either Null or could not be found in the registry."
Else
    Wscript.Echo "Specify how HTTP user authentication is handled (Zone 3): ", dwValue
End If
0
 

Author Comment

by:JeffDrummond
ID: 9927989
I got my answer elsewhere.  Thanks.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9928511
can you elaborate on the fix?
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses
Course of the Month7 days, 2 hours left to enroll

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question