POOK-101
asked on
ASP.net Active Directory Group Authentication
I am trying to lock down an internal-only website so only two Active Directory Security Groups in our domain have access, and I cannot understand what I'm doing wrong. If the Active Directory user account is listed in one of the two Security Groups, the user gets access to the site, and if the user is not listed in the group, they get routed to a custom Access Denied page (not the Windows pop-up authentication box asking for the user ID and password). I guess I just don't understand what I'm reading... (The main thing is I don't want the Windows pop-up.) I'm very new to coding... I'm just an everyday Server/Exchange admin.
Any good examples someone can point me to? Maybe an App_Start file, or something in the Global.asax.
Details
IIS 8, Windows 2012 server
Using ASP Master Pages, if that helps
Sites I have been reading
https://msdn.microsoft.com/en-us/library/ff647405.aspx
http://www.experts-exchange.com/Programming/Languages/Scripting/ASP/Q_21088059.html
http://forums.asp.net/t/1239052.aspx
If they use a corporate-wide GPO, then most likely they should have this set, because a lot of internal sites use this same authentication.
To find out, open a command prompt and type GPRESULT /H C:\TEMP\RESULTS.HTML
Open RESULTS.HTML
That is a verbose output of your GPO Settings.
ASKER
Okay... Automatic logon with current username and password is enabled in our policy.
It looks to be working (only testing with one account right now), but I'm still getting the popup.
The provider is only Negotiate.
Any ideas on redirecting users to an Access Denied page?
ASKER
So I found out that on the Production Farm, I can't edit the local NTFS permissions.
So I'm looking for a code way in C# to do this.
Apologies, on the C#, is that for a redirect, or are you looking for something that will "authenticate" users using LDAP versus Authenticated User?
I've requested that this question be deleted for the following reason:
Not enough information to confirm an answer.
ASKER
I ended up reading more about the <security> settings in the Web.config in IIS. It took some time to understand it, but it works for me.
<security>
  <authorization>
    <remove users="*" roles="" verbs="" />
    <add accessType="Allow" roles="Domain\Team A " />
    <add accessType="Allow" roles="Domain\Team A " />
  </authorization>
</security>
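One way to get the custom Access Denied page the question asks for, as an added example that is not part of the original thread: do the group check in Global.asax after Windows Authentication has run, and redirect authenticated users who are in neither group. It assumes Windows Authentication is enabled with Anonymous disabled, and that the group check is done here rather than by restrictive `<authorization>` rules, which answer non-members with a 401 and so bring the credential prompt back; the group names and the `~/AccessDenied.aspx` path are placeholders.

```csharp
// Global.asax.cs -- added example, not code from the thread.
using System;
using System.Linq;
using System.Security.Principal;
using System.Web;

public class Global : HttpApplication
{
    // Placeholder group names in DOMAIN\Group form; replace with the two real groups.
    private static readonly string[] AllowedGroups =
    {
        @"DOMAIN\GroupOne",
        @"DOMAIN\GroupTwo"
    };

    // Hypothetical custom page. It must not be gated itself, or the redirect loops.
    private const string DeniedPage = "~/AccessDenied.aspx";

    protected void Application_AuthorizeRequest(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        IPrincipal user = ctx.User;

        // Not authenticated yet: do nothing, so IIS can finish the Negotiate
        // handshake (the silent 401 round trip that precedes automatic logon).
        if (user == null || !user.Identity.IsAuthenticated)
            return;

        // Let the Access Denied page through for everyone.
        string deniedPath = VirtualPathUtility.ToAbsolute(DeniedPage);
        if (string.Equals(ctx.Request.Path, deniedPath, StringComparison.OrdinalIgnoreCase))
            return;

        // For a Windows principal, IsInRole checks the logon token's group
        // membership, so nested groups are honoured.
        if (AllowedGroups.Any(user.IsInRole))
            return;

        // Authenticated but in neither group: redirect instead of returning 401.
        // A 401 here is what makes the browser show the credential prompt.
        ctx.Response.Redirect(DeniedPage, false);
        CompleteRequest();
    }
}
```

Stylesheets and images used by the Access Denied page are only covered by this handler if managed modules run for static content, so keep that page free of resources that non-members need the check to allow.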