using location tag in web.config with custom application pool in I


Pete

Hi,

I have an ASP.NET account which uses the ASP.NET location authorization tag
in the web.config so that only authenticated users in an AD Group can
access the site. This works wonderfully when using the default application
pool running with the default NETWORK SERVICE account.

However, I really wanted to use Integrated access to SQL Server and
therefore don't really want to use NETWORK SERVICE as the credential to
access SQL Server.

So I would rather use a new Active Directory account and use that as the
application pool account so when it accesses SQL Server it will use that
account.

Note: the new AD account is pretty much similar to the NETWORK SERVICE
account. The account is part of the IIS_WPG group and has the following
permissions:
1. Adjust memory quotas for a process
2. Generate security audits
3. Log on as a service
4. Replace a process level token

These permissions were updated by changing the Local Security settings (from
the Administrative Tools).

My understanding is that the account I created with the updated permissions
should be able to be used as the Application Pool Account no problem.

Unfortunately, this doesn't go according to plan. When I serve up the page
with the new Application Pool (using the new AD Account) IE keeps prompting
for my username and password. So I enter it and it will never authenticate or
authorize.

Just to test to see if the Application Pool is fine, I allow anonymous
access to the site and remove all the location tags in the web.config and it
works fine.

I have been stuck trying to get this thing to work in this manner.
Theoretically it should work. But I must be missing something. If anybody
can help, that would be great. I've also attached a copy of the location tag bit of
the web.config.


<!-- Public Security Settings -->
<location path="Problem.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

<location path="Includes">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

<location path="Images">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

<location path="scripts">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

<location path="ConfirmRequest.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>


<!-- Representatives -->
<location path="SendAppForm.aspx">
<system.web>
<authorization>
<allow roles="TSTDOMAIN\M2006_rep" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Default.aspx">
<system.web>
<authorization>
<allow roles="TSTDOMAIN\M2006_rep" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="SubmitDashboards.aspx">
<system.web>
<authorization>
<allow roles="TSTDOMAIN\M2006_rep" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="ViewApplicant.aspx">
<system.web>
<authorization>
<allow roles="TSTDOMAIN\M2006_rep" />
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="ListApplicant.aspx">
<system.web>
<authorization>
<allow roles="TSTDOMAIN\M2006_rep" />
<deny users="*"/>
</authorization>
</system.web>
</location>

<!-- Secondary Approver -->
<location path="SecondaryApprover.aspx">
<system.web>
<authorization>
<allow roles="TSTDOMAIN\M2006_Secondary_Approver" />
<deny users="*"/>
</authorization>
</system.web>
</location>


<!-- Office IT -->
<location path="CreateADAccount.aspx">
<system.web>
<authorization>
<allow roles="TSTDOMAIN\M2006_OfficeIT" />
<deny users="*"/>
</authorization>
</system.web>
</location>


<location path="Admin">
<system.web>
<authorization>
<allow roles="TSTDOMAIN\M2006_OfficeIT" />
<deny users="*"/>
</authorization>
</system.web>
</location>

<!-- all other security groups -->
<location path="PopUp.aspx">
<system.web>
<authorization>
<allow roles="TSTDOMAIN\M2006_rep" />
<allow roles="TSTDOMAIN\M2006_Secondary_Approver" />
<allow roles="TSTDOMAIN\M2006_OfficeIT" />

<deny users="*"/>
</authorization>
</system.web>
</location>

<system.web>
<pages validateRequest="false" />
<compilation defaultLanguage="c#" debug="false" />
<customErrors mode="Off" defaultRedirect="Problem.aspx" />
<authentication mode="Windows"/>
<authorization>
<deny users="*" />
</authorization>
<trust level="Full" originUrl=""></trust>
<sessionState mode="InProc" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<httpRuntime executionTimeout="900" maxRequestLength="12288" />
</system.web>

Thanking whoever responds in advance.
 

Dominick Baier [DevelopMentor]

Hello Pete,

have you tried

<authorization>
<deny users="?" />
</authorization>

instead of

<authorization>
<deny users="*" />
</authorization>
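
How the two root rules in this reply differ under ASP.NET's first-match URL authorization, as a simplified model added here (not code from the thread and not ASP.NET itself). The user name, `Other.aspx` and all function names are constructed, and location paths are matched exactly rather than by directory inheritance.

```python
# Simplified model of ASP.NET URL authorization (illustrative, not the real module).
# Rules are read most-specific first and the first matching rule decides.
MACHINE_DEFAULT = [("allow", "users", "*")]  # built-in fallback: allow everyone

def matches(rule, user, roles):
    _, kind, value = rule
    if kind == "roles":
        return value in roles
    if value == "*":
        return True            # everyone, authenticated or not
    if value == "?":
        return user is None    # anonymous (unauthenticated) only
    return value == user

def is_authorized(path, user, roles, locations, root_rules):
    # <location> rules for the path, then root <system.web>, then machine default
    chain = locations.get(path, []) + root_rules + MACHINE_DEFAULT
    for rule in chain:
        if matches(rule, user, roles):
            return rule[0] == "allow"
    return False

# Subset of the <location> blocks from the posted web.config
LOCATIONS = {
    "Problem.aspx": [("allow", "users", "*")],
    "Default.aspx": [("allow", "roles", r"TSTDOMAIN\M2006_rep"),
                     ("deny", "users", "*")],
    "Admin":        [("allow", "roles", r"TSTDOMAIN\M2006_OfficeIT"),
                     ("deny", "users", "*")],
}
ROOT_DENY_ALL = [("deny", "users", "*")]    # root rule as posted
ROOT_DENY_ANON = [("deny", "users", "?")]   # root rule suggested in the reply

def outcomes(root_rules):
    """Return {(who, path): allowed} for a constructed rep user and an anonymous one."""
    people = {
        "rep":  (r"TSTDOMAIN\rep1", {r"TSTDOMAIN\M2006_rep"}),  # constructed account
        "anon": (None, set()),
    }
    paths = ["Problem.aspx", "Default.aspx", "Admin", "Other.aspx"]  # Other.aspx: no <location>
    return {(who, p): is_authorized(p, u, r, LOCATIONS, root_rules)
            for who, (u, r) in people.items() for p in paths}

if __name__ == "__main__":
    for label, root in (("deny *", ROOT_DENY_ALL), ("deny ?", ROOT_DENY_ANON)):
        print(label, outcomes(root))
```

In this model the two root rules give the same result for every path that has its own `<location>` block; they differ only for paths without one, where `deny users="*"` blocks authenticated users too and `deny users="?"` blocks only anonymous requests.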
 
