473,699 Members | 2,842 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Authorization using Windows Authentication

DK
I have an intranet application I've built using asp.net 3.5 / running on
IIS6

I want to use BUILTIN groups on the server that contain domain users. So I
set up my web.config like so for example:
<authorizatio n>
<allow roles="BUILTIN\ Intranet_Admin"/>
<!--<allow roles="GNB\arch ivesemp"/works-->
<!--<allow users="GNB\dkin g"/works-->
<deny users="*"/>
......

Using BUILTIN roles, when accessing the app, a windows pop-up appears asking
for a user name and password? Why and how can I get around this?

Using domain users or groups works fine.

Thanks.

Sep 23 '08 #1
1 1502
On Tue, 23 Sep 2008 11:24:27 -0300, "DK" <bu********@hot mail.com>
wrote:
>I have an intranet application I've built using asp.net 3.5 / running on
IIS6

I want to use BUILTIN groups on the server that contain domain users. So I
set up my web.config like so for example:
<authorization >
<allow roles="BUILTIN\ Intranet_Admin"/>
<!--<allow roles="GNB\arch ivesemp"/works-->
<!--<allow users="GNB\dkin g"/works-->
<deny users="*"/>
.....

Using BUILTIN roles, when accessing the app, a windows pop-up appears asking
for a user name and password? Why and how can I get around this?

Using domain users or groups works fine.

Thanks.
When a app requires Windows authentication, IIS sends a challenge to
the browser asking for credentials. If your remote client is logged in
to the domain and the app is located on the local intranet/trusted
site, the browser (IE specifically, others do not do that) sends back
client's NT authentication token. The IIS accepts and verifies it
against the domain, and then lets the user in without asking for
logon.

In your case you're only letting BUILTIN\Intrane t_Admin group in. That
group is local to the server where IIS is located. While your client
user may be a part of this group, the IIS does not perform
authentication against the domain for this group, therefore your
client's domain token is no good.

Perhaps, I am not quite correct about the semantics here, but that's I
believe what happens.
Sep 23 '08 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
1993
AUTHORIZATION with WINDOWS AUTHENTICATION -- HELP!!
by: phreeskier | last post by:
i want to implement authorization with windows authentication and don't have the slightest clue of how to do this implementation. the basic windows authentication for this .NET application is already setup. my problem lies within my inability to manipulate the username captured in the authentication process and my knowledge of how IIS is involved. specifically, i have the following questions: 1) what object(s) can be used so that the...
ASP / Active Server Pages
1
4539
Authorization elements in web.config
by: Chris Leffer | last post by:
Hi. I would like to confirm a behaviour in the authorization element from the web.config file. Suppose the following (using Forms authentication): <authorization> <deny users="?" /> <deny users="User1" /> <allow users="User1" /> </authorization>
ASP.NET
15
3008
Authorization HTML Header going missing
by: Shaun Wilde | last post by:
I am not sure if this is a .NET bug/feature and IIS5 one or a combination of the 2 so here goes I have a situation where when I call an ASP.NET webservice running under windows 2000 (I assume IIS5) with a webservice client also in .NET that the webservice request loses the Authorization HTML header. This DOES NOT happen under Windows 2003. I am using the followng (patch/fix) to preauthenticate the web request (this
ASP.NET
2
3069
ASP.NET Authorization
by: Water Cooler v2 | last post by:
Is the authorization tag/class in web.config\<system.web> available only for Windows authorization? Does it make sense for Forms based authentication?
Visual Basic .NET
1
1518
.NET Membership - Domain Authorization doesn't work with roles
by: 00_DotNetWarrior | last post by:
I am trying to setup a simple authenication to protect my application. I am using Windows authenicated (enabled in IIS) and I am running .NET 2.0 If I am using users, it works: <authorization> <allow users="domain\alex" /> <deny users="*" /> <deny users="?" /> </authorization>
ASP.NET
14
1788
Windows Authorization
by: tshad | last post by:
I am trying to set up an intranet at work that will use our Active directory to authorize our users. We also want them to access the site from the outside (such as at home) and also be authenticated by our Active Directory. We don't want to set up a separate Sql setup. I tried to set up my Web.config file like so: ********************************************************** <?xml version="1.0" encoding="utf-8" ?>
ASP.NET
1
3457
Custom Webdav server authentication and authorization
by: Arnaud Martel | last post by:
Hi, I am developping a custom Webdav server in C#. The IIS configuration is just an application Website with all verbs redirected to aspnet_isapi.dll and the server works as a httpModule. This server access a virtual filesystem actually located in a database. The whole thing works fine with a classic windows authentication with the WindowsAuthentication_OnAuthenticate event mapping domain users to my application users.
.NET Framework
1
1330
Authorization not working as expected
by: las | last post by:
I have created a web service and a simple ASP.Net page that makes calls to the web service (the page roughly mimics the standard Visual Studio web service test page). Running on //localhost, if I disable Windows Authentication in IIS, both my test page and the VS test page work just fine. But if I enable Windows Authentication, my test page gives a (401) Unauthorized error when it tries to call a web service function. Calls from the VS...
ASP.NET
2
2245
URL Authorization in ASP.NET 2.0 not working for html and image files
by: pop | last post by:
Microsoft says that ------------ ASP.NET version 2.0 on Windows Server 2003 protects all files in a given directory, even those not mapped to ASP.NET, such as .html, .gif, and .jpg files. ------------- I have a ASP.NET 2.0 webapp on a 2003 server with the following Web.Config file
ASP.NET
0
2039
User.IsInRole in fails unless authorization section limits access
by: ronscottlangham | last post by:
I have a web page that any authenticated user can access, but I dynamically enable/disable other asp.net controls on the web page based on the Role that they are in via C# code behind. My web config is as follows... <system.web> <authorization> <deny users="?" /> </authorization>
ASP.NET
0
8687
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9174
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
9034
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
8914
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
7750
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
0
5874
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
4376
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
1
3057
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
3
2009
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us