Solved

How should I configure IIS 7 to work with my web.config authorization?

Posted on 2015-01-08
11
152 Views
Last Modified: 2015-01-09
Hi, I'm using C# and asp.net in vs2012 and IIS7
In my web.config, I have as follow.  In IIS for this site, in Authentication, i disabled all and enable Windows.  What should I set in the Authorization in IIS?  
There is a default rule that "Allows all users", should I delete that and leave that blank?
If I add a user in my web.config file, do I need to restart the app pool for this to take effect?
Thank you.

    <authentication mode="Windows">        
    </authentication>
    <authorization>
      <allow users="domian\userid1" />
      <allow roles="doming\usergroup1" />
      <deny users="*" />
    </authorization>
0
Comment
Question by:lapucca
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 40539049
are you looking to only allow users who authenticate access to the site?
No anonymous browsing?


If I understand your configuration, the only user who can authenticate and be authorized is domain\user1 who will have the role as domain\usergroup1

Please start from the begining.
What are you looking to achieve with the configuration of your application.

If want to limit access to domain users and their role is domain users adjust the authorization to reflect so.
0
 

Author Comment

by:lapucca
ID: 40539082
Hi Arnold, Sorry I wasn't more clear.
This is a Intranet application and that's why i only allow Windows authentication.  This web application will only allow authenticated users in the "Allow Users" and users in the authenticated users in the user group(or role).   I hope that makes sense now?  Thank you.
0
 
LVL 78

Expert Comment

by:arnold
ID: 40539129
Did you craete the web.conf or are you using Iis security configuration option?

You should have allow domain users  in users authorization or just the usergroup1

Configuring iis to allow access to windows integrated.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 78

Expert Comment

by:arnold
ID: 40539134
0
 

Author Comment

by:lapucca
ID: 40539148
I have web.config Authorization as I previously posted.  I have to set up the site in IIS and I believe at minimum configure that to enable Windows authentication.   Please look at my question again.  i want to know how to configure the IIS Authorization part since I already have it in my web.config.  I'm not clear with your answer to my question.  Thank you.
0
 
LVL 78

Expert Comment

by:arnold
ID: 40539160
The link I posted about the different available methods in IIS is what you are looking for please refer to the technet link and select the windows authentication link there. It includes the steps you would take to configure IIS.

IIS uses the web.config within the sitea
0
 

Author Comment

by:lapucca
ID: 40539173
I think I explain my question quite thoroughly here.  i also took a look at the link but didn't find answeer to my question under Windows Authentication section.  I would appreciate it if you can just answer my question.  I can continue searing and googling and reading but I post my question here is hoping I can get help here.
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 40539314
On the server. Administrative tools there is IIS management interface you open that.  Ad der features  there is authentication. You enable windows authentication while disabling all others. See link

http://technet.microsoft.com/en-us/library/cc754628(v=ws.10).aspx

Look near the bottom of this page that outline the step by step to configure IIS site to use windows authentication.

There are about seven lines there.
Here is the quoted section from the link:


Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
In Features View, double-click Authentication.
On the Authentication page, select Windows Authentication.
In the Actions pane, click Enable to use Windows authentication.

0
 

Author Closing Comment

by:lapucca
ID: 40540916
If you read my question, I already did all that in IIS.
0
 
LVL 78

Expert Comment

by:arnold
ID: 40540940
I read, but you posted a web.config presumably configured through your C# application which when you upload your application will replace the one IIS manages within the site, going back through the IIS configuration, you can double check and correct the web.config file as needed. The config you posted had an authorization restriction to a specific user with a specific role.  It made no sense to prompt all users for authentication, but will only authorize one.

I believe usually, your C# or anyother application settings should be limited to the .Net framework and objects you need while leaving the IIS settings to be managed within IIS.

It is simpler to troubleshoot this way if an issue comes up.
0
 

Author Comment

by:lapucca
ID: 40541067
In my web.config, I have as follow.  
"In IIS for this site, in Authentication, i disabled all and enable Windows.  What should I set in the Authorization in IIS?  "

My question was that if I need to set anything in the Authorization Rules in IIS when I already have this done in my web.config.   By default IIS Authorization Rules has "Allow all users".

Thank you.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question