How should I configure IIS 7 to work with my web.config authorization?

Posted on 2015-01-08
Last Modified: 2015-01-09
Hi, I'm using C# and in vs2012 and IIS7
In my web.config, I have as follow.  In IIS for this site, in Authentication, i disabled all and enable Windows.  What should I set in the Authorization in IIS?  
There is a default rule that "Allows all users", should I delete that and leave that blank?
If I add a user in my web.config file, do I need to restart the app pool for this to take effect?
Thank you.

    <authentication mode="Windows">        
      <allow users="domian\userid1" />
      <allow roles="doming\usergroup1" />
      <deny users="*" />
Question by:lapucca
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
LVL 79

Expert Comment

ID: 40539049
are you looking to only allow users who authenticate access to the site?
No anonymous browsing?

If I understand your configuration, the only user who can authenticate and be authorized is domain\user1 who will have the role as domain\usergroup1

Please start from the begining.
What are you looking to achieve with the configuration of your application.

If want to limit access to domain users and their role is domain users adjust the authorization to reflect so.

Author Comment

ID: 40539082
Hi Arnold, Sorry I wasn't more clear.
This is a Intranet application and that's why i only allow Windows authentication.  This web application will only allow authenticated users in the "Allow Users" and users in the authenticated users in the user group(or role).   I hope that makes sense now?  Thank you.
LVL 79

Expert Comment

ID: 40539129
Did you craete the web.conf or are you using Iis security configuration option?

You should have allow domain users  in users authorization or just the usergroup1

Configuring iis to allow access to windows integrated.
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

LVL 79

Expert Comment

ID: 40539134

Author Comment

ID: 40539148
I have web.config Authorization as I previously posted.  I have to set up the site in IIS and I believe at minimum configure that to enable Windows authentication.   Please look at my question again.  i want to know how to configure the IIS Authorization part since I already have it in my web.config.  I'm not clear with your answer to my question.  Thank you.
LVL 79

Expert Comment

ID: 40539160
The link I posted about the different available methods in IIS is what you are looking for please refer to the technet link and select the windows authentication link there. It includes the steps you would take to configure IIS.

IIS uses the web.config within the sitea

Author Comment

ID: 40539173
I think I explain my question quite thoroughly here.  i also took a look at the link but didn't find answeer to my question under Windows Authentication section.  I would appreciate it if you can just answer my question.  I can continue searing and googling and reading but I post my question here is hoping I can get help here.
LVL 79

Accepted Solution

arnold earned 500 total points
ID: 40539314
On the server. Administrative tools there is IIS management interface you open that.  Ad der features  there is authentication. You enable windows authentication while disabling all others. See link

Look near the bottom of this page that outline the step by step to configure IIS site to use windows authentication.

There are about seven lines there.
Here is the quoted section from the link:

Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
In Features View, double-click Authentication.
On the Authentication page, select Windows Authentication.
In the Actions pane, click Enable to use Windows authentication.


Author Closing Comment

ID: 40540916
If you read my question, I already did all that in IIS.
LVL 79

Expert Comment

ID: 40540940
I read, but you posted a web.config presumably configured through your C# application which when you upload your application will replace the one IIS manages within the site, going back through the IIS configuration, you can double check and correct the web.config file as needed. The config you posted had an authorization restriction to a specific user with a specific role.  It made no sense to prompt all users for authentication, but will only authorize one.

I believe usually, your C# or anyother application settings should be limited to the .Net framework and objects you need while leaving the IIS settings to be managed within IIS.

It is simpler to troubleshoot this way if an issue comes up.

Author Comment

ID: 40541067
In my web.config, I have as follow.  
"In IIS for this site, in Authentication, i disabled all and enable Windows.  What should I set in the Authorization in IIS?  "

My question was that if I need to set anything in the Authorization Rules in IIS when I already have this done in my web.config.   By default IIS Authorization Rules has "Allow all users".

Thank you.

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor ( Top Charts is a view in which you can set seve…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question