<allow users=""> question

[Guest]

is it possible to add a bunch of users to group and only allow group to
access the web page or do I need to add each user to the web.config file?

Or is there another way to do this?
I just took over a project and most of the web sites have users defined in
the web.config file that can access the site. Now users come and go so this
config file is always being modified. Could I just add the users to a group
and only allow that group, or would a Active Directory /LDAP path work better?

 

[Guest]

is it possible to add a bunch of users to group and only allow group to
access the web page or do I need to add each user to the web.config file?

yes, sure

Specify the "roles" property when configuring <deny> and <allow>
elements, as shown here:

<authorization>
<allow roles="DomainName\WindowsGroup" />
<deny users="DomainName\UserName" />
</authorization>

http://msdn2.microsoft.com/en-us/library/acsd09b0.aspx
http://msdn2.microsoft.com/en-us/library/ms998358.aspx

 

[Guest]

when I do that I'm prompted for an ID and pwd. I don't want to the prompt to
pop up for each user.

 

[Guest]

when I do that I'm prompted for an ID and pwd. I don't want to the prompt to
pop up for each user.

Something is wrong. When you typed the login and password, does it
work?

 

[Guest]

no, I enter it in 3 times then it takes me to an error page: 'you are unable
to view this page'.

I even have a web site were I have:
<identity impersonate="true" userName="myDomain\testuser" password="1235"/>
in the web.config file and Im prompted for a username and pwd and even when
I type in the username and pwd i get the samething. 'you are able to view
this page'

I thought I had a typo so I tried just a username and samething.
I dont' want the username and pwd prompt at all.

 

[Guest]

no, I enter it in 3 times then it takes me to an error page: 'you are unable
to view this page'.

I even have a web site were I have:
<identity impersonate="true" userName="myDomain\testuser" password="1235"/>
in the web.config file and Im prompted for a username and pwd and even when
I type in the username and pwd i get the samething. 'you are able to view
this page'

Okay, let's try to find what's wrong there. I've just tested it on my
remote server box and that's working well without prompting me for
password.

1. Why do you set impersonation? Do you need it?

2. Which Authentication method is used in IIS? Properties -
Dir.Security - Auth.Control - Edit

3. Which Authentication mode is used in web.config?

 

[Mike]

1. Why do you set impersonation? Do you need it?
Not sure, I just came on board for the project. not sure

2. Which Authentication method is used in IIS? Properties -
Dir.Security - Auth.Control - Edit:
the only thing checked here is 'Integrated Windows Auth.

3. Which Authentication mode is used in web.config?
<authentication mode="Windows"/>
and this is set as well:
identity impersonate="true" userName="domain\username"
password="1234"/>

and every time I hit the site I'm prompted for an ID and password.

not sure if this makes a difference or not but, under IIS application pools,
I have a appPool for my web site and I have the identiy set to
'domain\username" and the 1234 password, and I'm still challenged.

any suggestions?

 

[Guest]

1. Why do you set impersonation? Do you need it?
Not sure, I just came on board for the project. not sure

Okay, I guess you don't need it With impersonation ASP.NET Web
application would access the file system using as the user "myDomain
\testuser". Maybe this is the reason of a login prompt. Either remove
that section, or set

<identity impersonate="false" />

More about impersonation
http://msdn2.microsoft.com/en-us/library/aa292118.aspx

Now, try to set

<authorization>
<allow users="*"/>
<authorization>

Make sure that your account has access

Set up an access rule for specific group (your user must be a member
of that group)

<authorization>
<allow roles="DOMAIN\group"/>
<deny users="*"/>
<authorization>

See what happens

 

[Tom]

still prompted for ID and Password.

Okay, I guess you don't need it With impersonation ASP.NET Web
application would access the file system using as the user "myDomain
\testuser". Maybe this is the reason of a login prompt. Either remove
that section, or set

<identity impersonate="false" />

More about impersonation
http://msdn2.microsoft.com/en-us/library/aa292118.aspx

Now, try to set

<authorization>
<allow users="*"/>
<authorization>

Make sure that your account has access

Set up an access rule for specific group (your user must be a member
of that group)

<authorization>
<allow roles="DOMAIN\group"/>
<deny users="*"/>
<authorization>

See what happens

 

[Tom]

still prompted,
what would happen if I set ther username and password under:

IIS -->website --> properties --> directory security --> Edit

and add the username and pwd I want my site to run under as?

would that work for the impersonation or no?

 

[Tom]

I also gave my domain ID access to every folder for .net just to see if that
was an issue.

web site folder
asp.net temp files folder


and still prompted

 

[Guest]

I also gave my domain ID access to every folder for .net just to see if that
was an issue.

web site folder
asp.net temp files folder

and still prompted

wait... still prompted with <allow roles="DOMAIN\group"/>

or with an access for everyone?

<authorization>
<allow users="*"/>
<authorization>

Sorry, but it was unclear for me

 

[Tom]

if I have this:
<allow roles="DOMAIN\group"/>
I'm prompted for username and password


if i have this:
<authorization>
<allow users="myDomain\testuser"/>
<authorization>

I'm prompted for username and password

if i have this:
<identity impersonate="true" userName="myDomain\testuser" password="1235"/>

again prompted for username and password.

no matter what I have i'm prompted for username and password

 

[Guest]

if i have this:
<identity impersonate="true" userName="myDomain\testuser" password="1235"/>

Please, switch the impersonation off, otherwise we will never never
find an answer ;-)

Using impersonation, ASP.NET executes using the identity of the user
userName. As I understood your initial question, you need to allow a
group to access the web page. And this can be done without
impersonation.

no matter what I have i'm prompted for username and password

Should I understand it that you don't have the access at all?

Even with "allow users to everyone"?

<authorization>
<allow users="*"/>
<authorization>

What I want to understand is your current configuration. As I told
you, I did a test with two users today and allow roles rule in the
web.config. It took me about 2 min to get stuff working

 

[Tom]

I have to do both. I need impersonation on for some web apps and some I can
have off.But I need both options and both working and no prompts for the
username and password if impresonation = true

 

[Guest]

I have to do both. I need impersonation on for some web apps and some I can
have off.But I need both options and both working and no prompts for the

Okay, I understand it.

Back to my question: do you have a login prompt having <allow
users="*"/> ?

 

[Tom]

no I don't. only if I specify a user at

<allow users="domain\testuser" />
and
<identity impersonate="true" userName="myDomain\testuser"
password="1235"/>

I'm prompted for and id and pwd with the above 2 configurations only.

If I have
<allow users="*"/> I'm not prompted.

 

[Guest]

no I don't. only if I specify a user at

<allow users="domain\testuser" />
and
<identity impersonate="true" userName="myDomain\testuser"
password="1235"/>

I'm prompted for and id and pwd with the above 2 configurations only.

If I have
<allow users="*"/> I'm not prompted.

Hi Tom,

try to follow this document in MSDN
http://msdn2.microsoft.com/en-us/library/ms998358.aspx

Hope it helps to find your problem

Cheers!

 

[Christopher Strolia-Davis]

I know this thread is a bit old, but it does not look like there was
ever a resolution.

One thing that popped to mind for me as to why you might still see a
login window for name and password when you have windows authentication
is if you are using a browser other than IE.

So far, IE is the only browser that allows complete pass-through
authenticated access using kerberos and/or NT authentication.

In my experience, all other browsers that even allow it, generally
require you to send username and password in basic authentication style.

Hope this helps