T
Troy S.
Hello all. I am developing a 2.0 web site whereby the client wants to give
access to everyone in their company's domain (I assume that means Active
Directory). The site will be accessed from the Internet (outside the
company' intranet). Once logged in, I will grab the authenticated user's
identity and search SQL tables for their app-specific rights. I have
wrestled with the proper settings to enable this functionality but have yet
to stumble upon the correct solution.
I would think Allow Anonymous Access would be turned off via IIS and
web.config would have something similar to the folllowing in it:
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow roles="app-specific-role-name" />
<deny users="*" />
</authorization>
I'd greatly appreciate any insight you have or even links to proper
resources. Take care.
Troy
access to everyone in their company's domain (I assume that means Active
Directory). The site will be accessed from the Internet (outside the
company' intranet). Once logged in, I will grab the authenticated user's
identity and search SQL tables for their app-specific rights. I have
wrestled with the proper settings to enable this functionality but have yet
to stumble upon the correct solution.
I would think Allow Anonymous Access would be turned off via IIS and
web.config would have something similar to the folllowing in it:
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow roles="app-specific-role-name" />
<deny users="*" />
</authorization>
I'd greatly appreciate any insight you have or even links to proper
resources. Take care.
Troy