Solved

How should I configure IIS 7 to work with my web.config authorization?

Posted on 2015-01-08
11
151 Views
Last Modified: 2015-01-09
Hi, I'm using C# and asp.net in vs2012 and IIS7
In my web.config, I have as follow.  In IIS for this site, in Authentication, i disabled all and enable Windows.  What should I set in the Authorization in IIS?  
There is a default rule that "Allows all users", should I delete that and leave that blank?
If I add a user in my web.config file, do I need to restart the app pool for this to take effect?
Thank you.

    <authentication mode="Windows">        
    </authentication>
    <authorization>
      <allow users="domian\userid1" />
      <allow roles="doming\usergroup1" />
      <deny users="*" />
    </authorization>
0
Comment
Question by:lapucca
  • 6
  • 5
11 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 40539049
are you looking to only allow users who authenticate access to the site?
No anonymous browsing?


If I understand your configuration, the only user who can authenticate and be authorized is domain\user1 who will have the role as domain\usergroup1

Please start from the begining.
What are you looking to achieve with the configuration of your application.

If want to limit access to domain users and their role is domain users adjust the authorization to reflect so.
0
 

Author Comment

by:lapucca
ID: 40539082
Hi Arnold, Sorry I wasn't more clear.
This is a Intranet application and that's why i only allow Windows authentication.  This web application will only allow authenticated users in the "Allow Users" and users in the authenticated users in the user group(or role).   I hope that makes sense now?  Thank you.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40539129
Did you craete the web.conf or are you using Iis security configuration option?

You should have allow domain users  in users authorization or just the usergroup1

Configuring iis to allow access to windows integrated.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 77

Expert Comment

by:arnold
ID: 40539134
0
 

Author Comment

by:lapucca
ID: 40539148
I have web.config Authorization as I previously posted.  I have to set up the site in IIS and I believe at minimum configure that to enable Windows authentication.   Please look at my question again.  i want to know how to configure the IIS Authorization part since I already have it in my web.config.  I'm not clear with your answer to my question.  Thank you.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40539160
The link I posted about the different available methods in IIS is what you are looking for please refer to the technet link and select the windows authentication link there. It includes the steps you would take to configure IIS.

IIS uses the web.config within the sitea
0
 

Author Comment

by:lapucca
ID: 40539173
I think I explain my question quite thoroughly here.  i also took a look at the link but didn't find answeer to my question under Windows Authentication section.  I would appreciate it if you can just answer my question.  I can continue searing and googling and reading but I post my question here is hoping I can get help here.
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 40539314
On the server. Administrative tools there is IIS management interface you open that.  Ad der features  there is authentication. You enable windows authentication while disabling all others. See link

http://technet.microsoft.com/en-us/library/cc754628(v=ws.10).aspx

Look near the bottom of this page that outline the step by step to configure IIS site to use windows authentication.

There are about seven lines there.
Here is the quoted section from the link:


Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
In Features View, double-click Authentication.
On the Authentication page, select Windows Authentication.
In the Actions pane, click Enable to use Windows authentication.

0
 

Author Closing Comment

by:lapucca
ID: 40540916
If you read my question, I already did all that in IIS.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40540940
I read, but you posted a web.config presumably configured through your C# application which when you upload your application will replace the one IIS manages within the site, going back through the IIS configuration, you can double check and correct the web.config file as needed. The config you posted had an authorization restriction to a specific user with a specific role.  It made no sense to prompt all users for authentication, but will only authorize one.

I believe usually, your C# or anyother application settings should be limited to the .Net framework and objects you need while leaving the IIS settings to be managed within IIS.

It is simpler to troubleshoot this way if an issue comes up.
0
 

Author Comment

by:lapucca
ID: 40541067
In my web.config, I have as follow.  
"In IIS for this site, in Authentication, i disabled all and enable Windows.  What should I set in the Authorization in IIS?  "

My question was that if I need to set anything in the Authorization Rules in IIS when I already have this done in my web.config.   By default IIS Authorization Rules has "Allow all users".

Thank you.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question