• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

For my Intranet web application, how to limited only certain authenticated users and user gruops?

Hi, I'm using VS2012, asp.net, C# and IIS 7
in my web.config file, I want to limit my userid and a user group(AD Security group), and then deny all other users. Running in debug mode from my VS at my local PC gives me access deny error.  Please advise what could be the error here, thank you.

    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
        <add namespace="System.Web.Optimization" />
    <controls><add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" /></controls></pages>
    <authentication mode="Windows">        
      <allow users="myUserId"/>
      <allow roles="adUserGroup"/>
      <deny users="*"/>
    <profile defaultProvider="DefaultProfileProvider">
  • 3
  • 3
1 Solution
Michael FowlerSolutions ConsultantCommented:
IN System.Web set

<authentication mode="Windows"/>

and then you can add the authorisation section eg

  <allow users="domain\myUserId" />
  <allow roles="domain\adUserGroup" />
  <deny users="*" />

for more information have a look at

lapuccaAuthor Commented:
I got error as below. Is there a certain way that I need to set IIS for this site?  But I'm running it from my local PC, VS.

Server Error in '/' Application.

 Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.

Error message 401.2.: Unauthorized: Logon failed due to server configuration.  Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server.  Contact the Web server's administrator for additional assistance.

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.18446
Michael FowlerSolutions ConsultantCommented:
For testing you can
enable NTLM authentication by right-clicking the name of your project in the Solution Explorer window and selecting Properties. Next, select the Web tab and check the NTLM checkbox


For a production website you do set IIS to use Windows Authentication for the site

Open IIS Manager and navigate to the level you want to manage.
On the Authentication page, select Windows Authentication.
In the Actions pane, click Enable to use Windows authentication.
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

lapuccaAuthor Commented:
Awesome!  That worked! Do I need to remove the NTLM check when deploying to Production?  Thank you.
Michael FowlerSolutions ConsultantCommented:
No this only applied to local web server used during testing. When deploying it to production this is when you will set up windows authentication in IIS
lapuccaAuthor Commented:
Very awesome!  Thank you.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now