Hi xenophon,
Thanks for your post.
Can you show us which authentication mode you used in IIS? I suspect you
uses Windows Integrated Authentication in IIS.
Currently, for your web.config setting, I can not see big problem with it.
Your setting semantics should be corrently.(However, I think the last
element <deny users="?, TESTDOM2\group1" /> will be of no use, and can be
give off)
I think we should first check if the client request has been correct
authenticated as the domain account(TESTDOM2\testusr1). To check this, I
suggest you uncheck the anonymous and windows integrated authentication in
IIS, only apply the basic authentication, then we can explicitly do the
authentication with our need.
For more information about IIS authentication suggested troubleshooting
steps, please refer to "IIS Authentication Issues" section in the article
below:
"Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication"
http://msdn.microsoft.com/library/de...us/dnnetsec/ht
ml/SecNetch13.asp
Also, we can first disable the web.config settings, then in the requested
page, just use the code listed in "Determining Identity in a Web Page"
section in the above link to determine the authenticated request identity.
Once we can determine our request is correctly authenticated and
impersonated as "TESTDOM2\testusr1", this problem should go away.
I will wait for your further feedback. Thanks
================================================== =============
Thank you for your patience and cooperation. If you have any questions or
concerns, please feel free to post it in the group. I am standing by to be
of assistance.
Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! -
www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
