Solved

How should I configure IIS 7 to work with my web.config authorization?

Posted on 2015-01-08
11
143 Views
Last Modified: 2015-01-09
Hi, I'm using C# and asp.net in vs2012 and IIS7
In my web.config, I have as follow.  In IIS for this site, in Authentication, i disabled all and enable Windows.  What should I set in the Authorization in IIS?  
There is a default rule that "Allows all users", should I delete that and leave that blank?
If I add a user in my web.config file, do I need to restart the app pool for this to take effect?
Thank you.

    <authentication mode="Windows">        
    </authentication>
    <authorization>
      <allow users="domian\userid1" />
      <allow roles="doming\usergroup1" />
      <deny users="*" />
    </authorization>
0
Comment
Question by:lapucca
  • 6
  • 5
11 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 40539049
are you looking to only allow users who authenticate access to the site?
No anonymous browsing?


If I understand your configuration, the only user who can authenticate and be authorized is domain\user1 who will have the role as domain\usergroup1

Please start from the begining.
What are you looking to achieve with the configuration of your application.

If want to limit access to domain users and their role is domain users adjust the authorization to reflect so.
0
 

Author Comment

by:lapucca
ID: 40539082
Hi Arnold, Sorry I wasn't more clear.
This is a Intranet application and that's why i only allow Windows authentication.  This web application will only allow authenticated users in the "Allow Users" and users in the authenticated users in the user group(or role).   I hope that makes sense now?  Thank you.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40539129
Did you craete the web.conf or are you using Iis security configuration option?

You should have allow domain users  in users authorization or just the usergroup1

Configuring iis to allow access to windows integrated.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40539134
0
 

Author Comment

by:lapucca
ID: 40539148
I have web.config Authorization as I previously posted.  I have to set up the site in IIS and I believe at minimum configure that to enable Windows authentication.   Please look at my question again.  i want to know how to configure the IIS Authorization part since I already have it in my web.config.  I'm not clear with your answer to my question.  Thank you.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 76

Expert Comment

by:arnold
ID: 40539160
The link I posted about the different available methods in IIS is what you are looking for please refer to the technet link and select the windows authentication link there. It includes the steps you would take to configure IIS.

IIS uses the web.config within the sitea
0
 

Author Comment

by:lapucca
ID: 40539173
I think I explain my question quite thoroughly here.  i also took a look at the link but didn't find answeer to my question under Windows Authentication section.  I would appreciate it if you can just answer my question.  I can continue searing and googling and reading but I post my question here is hoping I can get help here.
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 40539314
On the server. Administrative tools there is IIS management interface you open that.  Ad der features  there is authentication. You enable windows authentication while disabling all others. See link

http://technet.microsoft.com/en-us/library/cc754628(v=ws.10).aspx

Look near the bottom of this page that outline the step by step to configure IIS site to use windows authentication.

There are about seven lines there.
Here is the quoted section from the link:


Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
In Features View, double-click Authentication.
On the Authentication page, select Windows Authentication.
In the Actions pane, click Enable to use Windows authentication.

0
 

Author Closing Comment

by:lapucca
ID: 40540916
If you read my question, I already did all that in IIS.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40540940
I read, but you posted a web.config presumably configured through your C# application which when you upload your application will replace the one IIS manages within the site, going back through the IIS configuration, you can double check and correct the web.config file as needed. The config you posted had an authorization restriction to a specific user with a specific role.  It made no sense to prompt all users for authentication, but will only authorize one.

I believe usually, your C# or anyother application settings should be limited to the .Net framework and objects you need while leaving the IIS settings to be managed within IIS.

It is simpler to troubleshoot this way if an issue comes up.
0
 

Author Comment

by:lapucca
ID: 40541067
In my web.config, I have as follow.  
"In IIS for this site, in Authentication, i disabled all and enable Windows.  What should I set in the Authorization in IIS?  "

My question was that if I need to set anything in the Authorization Rules in IIS when I already have this done in my web.config.   By default IIS Authorization Rules has "Allow all users".

Thank you.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now