lapucca
asked on
How should I configure IIS 7 to work with my web.config authorization?
Hi, I'm using C# and asp.net in vs2012 and IIS7
In my web.config, I have as follow. In IIS for this site, in Authentication, i disabled all and enable Windows. What should I set in the Authorization in IIS?
There is a default rule that "Allows all users", should I delete that and leave that blank?
If I add a user in my web.config file, do I need to restart the app pool for this to take effect?
Thank you.
<authentication mode="Windows">
</authentication>
<authorization>
<allow users="domian\userid1" />
<allow roles="doming\usergroup1" />
<deny users="*" />
</authorization>
In my web.config, I have as follow. In IIS for this site, in Authentication, i disabled all and enable Windows. What should I set in the Authorization in IIS?
There is a default rule that "Allows all users", should I delete that and leave that blank?
If I add a user in my web.config file, do I need to restart the app pool for this to take effect?
Thank you.
<authentication mode="Windows">
</authentication>
<authorization>
<allow users="domian\userid1" />
<allow roles="doming\usergroup1" />
<deny users="*" />
</authorization>
ASKER
Hi Arnold, Sorry I wasn't more clear.
This is a Intranet application and that's why i only allow Windows authentication. This web application will only allow authenticated users in the "Allow Users" and users in the authenticated users in the user group(or role). I hope that makes sense now? Thank you.
This is a Intranet application and that's why i only allow Windows authentication. This web application will only allow authenticated users in the "Allow Users" and users in the authenticated users in the user group(or role). I hope that makes sense now? Thank you.
Did you craete the web.conf or are you using Iis security configuration option?
You should have allow domain users in users authorization or just the usergroup1
Configuring iis to allow access to windows integrated.
You should have allow domain users in users authorization or just the usergroup1
Configuring iis to allow access to windows integrated.
See link iis 7 auth
http://technet.microsoft.com/en-us/library/cc733010(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/cc733010(v=WS.10).aspx
ASKER
I have web.config Authorization as I previously posted. I have to set up the site in IIS and I believe at minimum configure that to enable Windows authentication. Please look at my question again. i want to know how to configure the IIS Authorization part since I already have it in my web.config. I'm not clear with your answer to my question. Thank you.
The link I posted about the different available methods in IIS is what you are looking for please refer to the technet link and select the windows authentication link there. It includes the steps you would take to configure IIS.
IIS uses the web.config within the sitea
IIS uses the web.config within the sitea
ASKER
I think I explain my question quite thoroughly here. i also took a look at the link but didn't find answeer to my question under Windows Authentication section. I would appreciate it if you can just answer my question. I can continue searing and googling and reading but I post my question here is hoping I can get help here.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
If you read my question, I already did all that in IIS.
I read, but you posted a web.config presumably configured through your C# application which when you upload your application will replace the one IIS manages within the site, going back through the IIS configuration, you can double check and correct the web.config file as needed. The config you posted had an authorization restriction to a specific user with a specific role. It made no sense to prompt all users for authentication, but will only authorize one.
I believe usually, your C# or anyother application settings should be limited to the .Net framework and objects you need while leaving the IIS settings to be managed within IIS.
It is simpler to troubleshoot this way if an issue comes up.
I believe usually, your C# or anyother application settings should be limited to the .Net framework and objects you need while leaving the IIS settings to be managed within IIS.
It is simpler to troubleshoot this way if an issue comes up.
ASKER
In my web.config, I have as follow.
"In IIS for this site, in Authentication, i disabled all and enable Windows. What should I set in the Authorization in IIS? "
My question was that if I need to set anything in the Authorization Rules in IIS when I already have this done in my web.config. By default IIS Authorization Rules has "Allow all users".
Thank you.
"In IIS for this site, in Authentication, i disabled all and enable Windows. What should I set in the Authorization in IIS? "
My question was that if I need to set anything in the Authorization Rules in IIS when I already have this done in my web.config. By default IIS Authorization Rules has "Allow all users".
Thank you.
No anonymous browsing?
If I understand your configuration, the only user who can authenticate and be authorized is domain\user1 who will have the role as domain\usergroup1
Please start from the begining.
What are you looking to achieve with the configuration of your application.
If want to limit access to domain users and their role is domain users adjust the authorization to reflect so.