authentication: deny users=* problem

Dan
hi ng.

i have a strange behaviour when i want to control who can access a web
application by setting web.config like:

<authorization>
  <allow users="DOMAIN\ACCOUNT,..." />
  <deny users="*" />
</authorization>

the authorization is working fine, but the user receives the standard
"The page cannot be displayed"
error page.
whereas when the authorization check is disabled, everything is working
fine.

my iis settings are:
allow anonymous access
integrated windows authentication enabled

i have no idea about what could be wrong.
thanks a lot,
dan
Nov 18 '05 #1
It looks to me that your <allow... /> and <deny.../> in web.config do not
make sense: first you want to allow access for users in a domain, then you
deny access to ALL USERS, so that your ASP.NET app cannot be accessed by
anyone. If you want to block anonymous users, it should be <deny users="?"
/>. But the better way to deny anonymous access is to simply uncheck "Anonymous
access" in IIS setting for the ASP.NET application.
Nov 18 '05 #2
Norman wrote:
> It looks to me that your <allow... /> and <deny.../> in web.config do not
> make sense: first you want to allow access for users in a domain, then you
> deny access to ALL USERS, so that your ASP.NET app cannot be
> accessed by anyone.


This is not true, his web.config does make sense!

From MSDN:

"At run time, the authorization module iterates through the <allow> and
<deny> tags until it finds the first access rule that fits a particular
user. It then grants or denies access to a URL resource depending on whether
the first access rule found is an <allow> or a <deny> rule."

If a user cannot log in, his account doesn't match the one you specified in
your <allow> block.

Steven

Nov 18 '05 #3
Jos
Norman Yuan wrote:
> It looks to me that your <allow... /> and <deny.../> in web.config
> do not make sense: first you want to allow access for users in a
> domain, then you deny access to ALL USERS, so that your ASP.NET app
> cannot be accessed by anyone. If you want to block anonymous users,
> it should be <deny users="?" />. But the better way to deny anonymous
> access is to simply uncheck "Anonymous access" in IIS setting for the
> ASP.NET application.


I'll have to disagree here Norman.
Dan's configuration is 100% OK. See also:
http://msdn.microsoft.com/library/en...haspdotnet.asp

The rule here is that the authorization block is checked
from top to bottom, and the first match is the one that counts.

But I agree with you that disabling "Anonymous access" would
solve Dan's problem.

Dan, you're using the ASPNET account for anonymous
access, which subsequently will be refused access.
Disabling anonymous access will solve this problem.

--

Jos
Nov 18 '05 #4
Dan
Thanks for your support, but the problem was that my domain settings were
wrong.
The settings do make sense: I can control which domain user gets access
to the application.
deny=? would mean that every user authenticated by Active Directory gets
access.

Dan

Nov 18 '05 #5
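
The first-match rule quoted from MSDN in this thread, and Dan's closing point about deny users="?", modelled as an added example (not code from any poster or from ASP.NET itself). The account names are constructed; the model ignores roles and verbs, and assumes case-insensitive name matching and the inherited default <allow users="*" /> when no rule matches.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs; DOMAIN\alice, DOMAIN\bob and DOMAIN\carol are made-up accounts.
ALLOW_LIST = r'''<authorization>
  <allow users="DOMAIN\alice,DOMAIN\bob" />
  <deny users="*" />
</authorization>'''

DENY_ANONYMOUS = '''<authorization>
  <deny users="?" />
</authorization>'''

def parse_rules(xml_text):
    """Return [(action, [user patterns])] in document order."""
    root = ET.fromstring(xml_text)
    return [(el.tag, [u.strip() for u in el.get("users", "").split(",") if u.strip()])
            for el in root if el.tag in ("allow", "deny")]

def matches(pattern, user):
    """user is None for an anonymous (unauthenticated) request."""
    if pattern == "*":
        return True              # every user, anonymous included
    if pattern == "?":
        return user is None      # anonymous requests only
    # Assumption of this model: account names compare case-insensitively.
    return user is not None and pattern.lower() == user.lower()

def decide(xml_text, user):
    """The first rule that matches the user decides; later rules are ignored."""
    for action, patterns in parse_rules(xml_text):
        if any(matches(p, user) for p in patterns):
            return action
    return "allow"               # models the inherited <allow users="*" /> default

def report(xml_text, users):
    """Map each user (None shown as '(anonymous)') to the decision."""
    return {("(anonymous)" if u is None else u): decide(xml_text, u) for u in users}

if __name__ == "__main__":
    users = [None, r"DOMAIN\alice", r"DOMAIN\carol"]
    for name, cfg in (("allow-list", ALLOW_LIST), ("deny-anonymous", DENY_ANONYMOUS)):
        print(name, report(cfg, users))
```

With the allow-list config only the listed accounts get through and anonymous requests hit the trailing deny; with deny users="?" alone, any authenticated account is allowed.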
