Cannot access aspx page if user is not in Admin group

M

Mathew Uthup

We have a secure directory with an aspx page called Reports.aspx runnig on
Windows2000 server with service pack 4. This directory has access rights to
only a specific gg_support group.We have Disabled anonymous access to this
directory and only enabled windows integrated authentication on this page and
in this directory for this group gg_suupport
However none of the members of this group can access any aspx page in this
directory unless they belong to the admin group. We do not want to give admin
rights to all members of this group nor do we want to give anonymous access
to this directory. The web config file explicitly sets impersonate to false.
No matter what, we cannot get it to work. The only way we can get it to work
is to grant Anonymous access or to give admin rights to this Group. My
understanding based on the readings from MSDN is that if Impersonate is set
to false and Integrated Authentication is enabled by IIS. The aspx worker
thread should execute under the default aspx account for IIS. My question,
isn’t Default account the same as used by the anonymous account? How do I get
it to work with the desired security setting that we need?

Thanks Mathew
 
M

Mathew Uthup

We figured this one out with a Microsoft support case. Apparently one needs
to Restart IIS if a new user is added to windows authenticated Directory. For
some Reason Aspx_Isapi does not refresh the Cached ACL in IIS5.0 ( I think
this is a Bug).Only Aspx extension in the secured directory has this problem
which leads me to think that ACL information is somehow cached by the
ASpx_isapi. Well one work around to this problem is to create a Local
ASP_User Group and give this Group all the necessary ACL permission for
Running ASP see the Following article
"http://msdn.microsoft.com/library/d...cpconaspnetrequiredaccesscontrollistsacls.asp"
and add users to this group. Once this Group exists adding new users to this
group somehow does not require Reboot of IIS. Hence I suggest planning ahead
by creating a Local user group with proper ACL Permissions for running
ASP.net if you want to avoid Rebooting IIS in production environment if you
plan to use Windows authentication. By the way in our case users in the Admin
Group had the proper ACL Permission for running ASP.net hence adding users
who belonged to this group always worked and did not require a Reboot of IIS.
Hope this Bug will be fixed in the next version of Asp.net
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

role/group authorization not recognizing user groups. 4
Authenticate user is in local NT group 2
AzMan non-admin problem under Win XP 0
allow write access for logged-in user 1
Allowing group access to encrypted web.config 0
401 if AppPool is not Network Service 2
Access user credentials with impersonate=admin acct? 0
client cannot access remote DB 2

Members online

No members online now.
Total: 34 (members: 0, guests: 34)
Robots: 381

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,013
Latest member
KatriceSwa

Latest Threads

Top