How should I configure IIS 7 to work with my web.config authorization?

Posted on 2015-01-08
Last Modified: 2015-01-09
Hi, I'm using C# and in vs2012 and IIS7
In my web.config, I have as follow.  In IIS for this site, in Authentication, i disabled all and enable Windows.  What should I set in the Authorization in IIS?  
There is a default rule that "Allows all users", should I delete that and leave that blank?
If I add a user in my web.config file, do I need to restart the app pool for this to take effect?
Thank you.

    <authentication mode="Windows">        
      <allow users="domian\userid1" />
      <allow roles="doming\usergroup1" />
      <deny users="*" />
Question by:lapucca
  • 6
  • 5
LVL 77

Expert Comment

ID: 40539049
are you looking to only allow users who authenticate access to the site?
No anonymous browsing?

If I understand your configuration, the only user who can authenticate and be authorized is domain\user1 who will have the role as domain\usergroup1

Please start from the begining.
What are you looking to achieve with the configuration of your application.

If want to limit access to domain users and their role is domain users adjust the authorization to reflect so.

Author Comment

ID: 40539082
Hi Arnold, Sorry I wasn't more clear.
This is a Intranet application and that's why i only allow Windows authentication.  This web application will only allow authenticated users in the "Allow Users" and users in the authenticated users in the user group(or role).   I hope that makes sense now?  Thank you.
LVL 77

Expert Comment

ID: 40539129
Did you craete the web.conf or are you using Iis security configuration option?

You should have allow domain users  in users authorization or just the usergroup1

Configuring iis to allow access to windows integrated.
LVL 77

Expert Comment

ID: 40539134

Author Comment

ID: 40539148
I have web.config Authorization as I previously posted.  I have to set up the site in IIS and I believe at minimum configure that to enable Windows authentication.   Please look at my question again.  i want to know how to configure the IIS Authorization part since I already have it in my web.config.  I'm not clear with your answer to my question.  Thank you.
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

LVL 77

Expert Comment

ID: 40539160
The link I posted about the different available methods in IIS is what you are looking for please refer to the technet link and select the windows authentication link there. It includes the steps you would take to configure IIS.

IIS uses the web.config within the sitea

Author Comment

ID: 40539173
I think I explain my question quite thoroughly here.  i also took a look at the link but didn't find answeer to my question under Windows Authentication section.  I would appreciate it if you can just answer my question.  I can continue searing and googling and reading but I post my question here is hoping I can get help here.
LVL 77

Accepted Solution

arnold earned 500 total points
ID: 40539314
On the server. Administrative tools there is IIS management interface you open that.  Ad der features  there is authentication. You enable windows authentication while disabling all others. See link

Look near the bottom of this page that outline the step by step to configure IIS site to use windows authentication.

There are about seven lines there.
Here is the quoted section from the link:

Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
In Features View, double-click Authentication.
On the Authentication page, select Windows Authentication.
In the Actions pane, click Enable to use Windows authentication.


Author Closing Comment

ID: 40540916
If you read my question, I already did all that in IIS.
LVL 77

Expert Comment

ID: 40540940
I read, but you posted a web.config presumably configured through your C# application which when you upload your application will replace the one IIS manages within the site, going back through the IIS configuration, you can double check and correct the web.config file as needed. The config you posted had an authorization restriction to a specific user with a specific role.  It made no sense to prompt all users for authentication, but will only authorize one.

I believe usually, your C# or anyother application settings should be limited to the .Net framework and objects you need while leaving the IIS settings to be managed within IIS.

It is simpler to troubleshoot this way if an issue comes up.

Author Comment

ID: 40541067
In my web.config, I have as follow.  
"In IIS for this site, in Authentication, i disabled all and enable Windows.  What should I set in the Authorization in IIS?  "

My question was that if I need to set anything in the Authorization Rules in IIS when I already have this done in my web.config.   By default IIS Authorization Rules has "Allow all users".

Thank you.

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Determine Server Specs for IIS.7 Website 4 42
Problem to page 4 75
C#  Radio button search for Date not DateTime 4 35
logs for inetpub time stamps are off 1 16
A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now