Newbie: How to ensure only domain admin could use an ASP.NET web page

Discussion in 'ASP .Net Security' started by Navin Mishra, Aug 4, 2006.

  1. Navin Mishra

    Navin Mishra Guest

    Hi,

    I've built an administration application using ASP.NET. Now how I could
    ensure only domain admin could use the ASP.NET web page ? I tried setting
    window autentication for virtual directory security and aspz security and
    add domain adminstartor in allowed users in allowed users in web.config.
    When browing the aspx page I'm challenged for credentials and though I enter
    them all right the authentication fails. Then I tried basic authnetication
    using domain as realm and though I could access the page but it is
    accessible by all domain users and not only Adminstrator which I want and
    added in allowed users list.

    What I may be missing ? How it could be accomplished ?

    Thanks in advance and regards

    Navin
     
    Navin Mishra, Aug 4, 2006
    #1
    1. Advertising

  2. Hi,

    when you are adding <allow xxx /> elements to the authorization element,
    you also have to explicitly end the list with a <deny users="*" />

    read more about it here:

    http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx

    dominick

    > Hi,
    >
    > I've built an administration application using ASP.NET. Now how I
    > could ensure only domain admin could use the ASP.NET web page ? I
    > tried setting window autentication for virtual directory security and
    > aspz security and add domain adminstartor in allowed users in allowed
    > users in web.config. When browing the aspx page I'm challenged for
    > credentials and though I enter them all right the authentication
    > fails. Then I tried basic authnetication using domain as realm and
    > though I could access the page but it is accessible by all domain
    > users and not only Adminstrator which I want and added in allowed
    > users list.
    >
    > What I may be missing ? How it could be accomplished ?
    >
    > Thanks in advance and regards
    >
    > Navin
    >
     
    Dominick Baier, Aug 4, 2006
    #2
    1. Advertising

  3. Navin Mishra

    Navin Mishra Guest

    Thank you so much...it worked but only with using basic authentication mode
    with domain in IIS. If I use windows authentication mode only, then it still
    does not work.
    --
    Navin Mishra [Siemens]
    HiPath OpenScape Channel Support Team (TST)
    This posting is provided "AS IS" with no warranties, and confers no rights.
    You assume all risk for your use.

    "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
    message news:...
    > Hi,
    > when you are adding <allow xxx /> elements to the authorization element,
    > you also have to explicitly end the list with a <deny users="*" />
    >
    > read more about it here:
    >
    > http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx
    >
    > dominick
    >
    >> Hi,
    >>
    >> I've built an administration application using ASP.NET. Now how I
    >> could ensure only domain admin could use the ASP.NET web page ? I
    >> tried setting window autentication for virtual directory security and
    >> aspz security and add domain adminstartor in allowed users in allowed
    >> users in web.config. When browing the aspx page I'm challenged for
    >> credentials and though I enter them all right the authentication
    >> fails. Then I tried basic authnetication using domain as realm and
    >> though I could access the page but it is accessible by all domain
    >> users and not only Adminstrator which I want and added in allowed
    >> users list.
    >>
    >> What I may be missing ? How it could be accomplished ?
    >>
    >> Thanks in advance and regards
    >>
    >> Navin
    >>

    >
    >
     
    Navin Mishra, Aug 5, 2006
    #3
  4. what's not working??

    You definitely only grant access now to the specified groups...

    dominick

    > Thank you so much...it worked but only with using basic authentication
    > mode with domain in IIS. If I use windows authentication mode only,
    > then it still does not work.
    >
    > "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
    > in message news:...
    >
    >> Hi,
    >> when you are adding <allow xxx /> elements to the authorization
    >> element,
    >> you also have to explicitly end the list with a <deny users="*" />
    >> read more about it here:
    >>
    >> http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx
    >>
    >> dominick
    >>
    >>> Hi,
    >>>
    >>> I've built an administration application using ASP.NET. Now how I
    >>> could ensure only domain admin could use the ASP.NET web page ? I
    >>> tried setting window autentication for virtual directory security
    >>> and aspz security and add domain adminstartor in allowed users in
    >>> allowed users in web.config. When browing the aspx page I'm
    >>> challenged for credentials and though I enter them all right the
    >>> authentication fails. Then I tried basic authnetication using domain
    >>> as realm and though I could access the page but it is accessible by
    >>> all domain users and not only Adminstrator which I want and added in
    >>> allowed users list.
    >>>
    >>> What I may be missing ? How it could be accomplished ?
    >>>
    >>> Thanks in advance and regards
    >>>
    >>> Navin
    >>>
     
    Dominick Baier, Aug 5, 2006
    #4
  5. Navin Mishra

    Navin Mishra Guest

    It is working on another machine...not sure what is going on with machine on
    which it is not working.

    BTW how to ensure that users who are in only local adminstrator group could
    use the web site ?

    Thanks!

    "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
    message news:...
    > what's not working??
    >
    > You definitely only grant access now to the specified groups...
    >
    > dominick
    >
    >> Thank you so much...it worked but only with using basic authentication
    >> mode with domain in IIS. If I use windows authentication mode only,
    >> then it still does not work.
    >>
    >> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
    >> in message news:...
    >>
    >>> Hi,
    >>> when you are adding <allow xxx /> elements to the authorization
    >>> element,
    >>> you also have to explicitly end the list with a <deny users="*" />
    >>> read more about it here:
    >>>
    >>> http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx
    >>>
    >>> dominick
    >>>
    >>>> Hi,
    >>>>
    >>>> I've built an administration application using ASP.NET. Now how I
    >>>> could ensure only domain admin could use the ASP.NET web page ? I
    >>>> tried setting window autentication for virtual directory security
    >>>> and aspz security and add domain adminstartor in allowed users in
    >>>> allowed users in web.config. When browing the aspx page I'm
    >>>> challenged for credentials and though I enter them all right the
    >>>> authentication fails. Then I tried basic authnetication using domain
    >>>> as realm and though I could access the page but it is accessible by
    >>>> all domain users and not only Adminstrator which I want and added in
    >>>> allowed users list.
    >>>>
    >>>> What I may be missing ? How it could be accomplished ?
    >>>>
    >>>> Thanks in advance and regards
    >>>>
    >>>> Navin
    >>>>

    >
    >
     
    Navin Mishra, Aug 18, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. - Steve -

    Ensure page is only accessed via SSL

    - Steve -, Jul 1, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    2,223
  2. =?Utf-8?B?dmE=?=
    Replies:
    1
    Views:
    1,646
    =?Utf-8?B?dmE=?=
    Feb 25, 2006
  3. Chad Dressler
    Replies:
    0
    Views:
    644
    Chad Dressler
    Dec 30, 2006
  4. sarah Fernandes
    Replies:
    0
    Views:
    517
    sarah Fernandes
    Nov 1, 2010
  5. Phlip
    Replies:
    1
    Views:
    292
    Eero Saynatkari
    Sep 15, 2006
Loading...

Share This Page