By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,257 Members | 928 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,257 IT Pros & Developers. It's quick & easy.

<allow users=""> question

P: n/a
is it possible to add a bunch of users to group and only allow group to
access the web page or do I need to add each user to the web.config file?

Or is there another way to do this?
I just took over a project and most of the web sites have users defined in
the web.config file that can access the site. Now users come and go so this
config file is always being modified. Could I just add the users to a group
and only allow that group, or would a Active Directory /LDAP path work better?

May 24 '07 #1
Share this Question
Share on Google+
18 Replies


P: n/a
On May 24, 9:52 pm, Tom <T...@discussions.microsoft.comwrote:
is it possible to add a bunch of users to group and only allow group to
access the web page or do I need to add each user to the web.config file?
yes, sure

Specify the "roles" property when configuring <denyand <allow>
elements, as shown here:

<authorization>
<allow roles="DomainName\WindowsGroup" />
<deny users="DomainName\UserName" />
</authorization>

http://msdn2.microsoft.com/en-us/library/acsd09b0.aspx
http://msdn2.microsoft.com/en-us/library/ms998358.aspx

May 24 '07 #2

P: n/a
when I do that I'm prompted for an ID and pwd. I don't want to the prompt to
pop up for each user.

"Alexey Smirnov" wrote:
On May 24, 9:52 pm, Tom <T...@discussions.microsoft.comwrote:
is it possible to add a bunch of users to group and only allow group to
access the web page or do I need to add each user to the web.config file?

yes, sure

Specify the "roles" property when configuring <denyand <allow>
elements, as shown here:

<authorization>
<allow roles="DomainName\WindowsGroup" />
<deny users="DomainName\UserName" />
</authorization>

http://msdn2.microsoft.com/en-us/library/acsd09b0.aspx
http://msdn2.microsoft.com/en-us/library/ms998358.aspx

May 25 '07 #3

P: n/a
On May 25, 1:04 pm, Tom <T...@discussions.microsoft.comwrote:
when I do that I'm prompted for an ID and pwd. I don't want to the prompt to
pop up for each user.
Something is wrong. When you typed the login and password, does it
work?

May 25 '07 #4

P: n/a
no, I enter it in 3 times then it takes me to an error page: 'you are unable
to view this page'.

I even have a web site were I have:
<identity impersonate="true" userName="myDomain\testuser" password="1235"/>
in the web.config file and Im prompted for a username and pwd and even when
I type in the username and pwd i get the samething. 'you are able to view
this page'

I thought I had a typo so I tried just a username and samething.
I dont' want the username and pwd prompt at all.
"Alexey Smirnov" wrote:
On May 25, 1:04 pm, Tom <T...@discussions.microsoft.comwrote:
when I do that I'm prompted for an ID and pwd. I don't want to the prompt to
pop up for each user.

Something is wrong. When you typed the login and password, does it
work?

May 25 '07 #5

P: n/a
On May 25, 5:54 pm, Tom <T...@discussions.microsoft.comwrote:
no, I enter it in 3 times then it takes me to an error page: 'you are unable
to view this page'.

I even have a web site were I have:
<identity impersonate="true" userName="myDomain\testuser" password="1235"/>
in the web.config file and Im prompted for a username and pwd and even when
I type in the username and pwd i get the samething. 'you are able to view
this page'
Okay, let's try to find what's wrong there. I've just tested it on my
remote server box and that's working well without prompting me for
password.

1. Why do you set impersonation? Do you need it?

2. Which Authentication method is used in IIS? Properties -
Dir.Security - Auth.Control - Edit

3. Which Authentication mode is used in web.config?

May 25 '07 #6

P: n/a
1. Why do you set impersonation? Do you need it?
Not sure, I just came on board for the project. not sure

2. Which Authentication method is used in IIS? Properties -
Dir.Security - Auth.Control - Edit:
the only thing checked here is 'Integrated Windows Auth.

3. Which Authentication mode is used in web.config?
<authentication mode="Windows"/>
and this is set as well:
identity impersonate="true" userName="domain\username"
password="1234"/>

and every time I hit the site I'm prompted for an ID and password.

not sure if this makes a difference or not but, under IIS application pools,
I have a appPool for my web site and I have the identiy set to
'domain\username" and the 1234 password, and I'm still challenged.

any suggestions?

"Alexey Smirnov" <al************@gmail.comwrote in message
news:11*********************@u30g2000hsc.googlegro ups.com...
On May 25, 5:54 pm, Tom <T...@discussions.microsoft.comwrote:
>no, I enter it in 3 times then it takes me to an error page: 'you are
unable
to view this page'.

I even have a web site were I have:
<identity impersonate="true" userName="myDomain\testuser"
password="1235"/>
in the web.config file and Im prompted for a username and pwd and even
when
I type in the username and pwd i get the samething. 'you are able to view
this page'

Okay, let's try to find what's wrong there. I've just tested it on my
remote server box and that's working well without prompting me for
password.

1. Why do you set impersonation? Do you need it?

2. Which Authentication method is used in IIS? Properties -
Dir.Security - Auth.Control - Edit

3. Which Authentication mode is used in web.config?

May 25 '07 #7

P: n/a
On May 25, 8:08 pm, "Mike" <whyamih...@gmail.comwrote:
1. Why do you set impersonation? Do you need it?
Not sure, I just came on board for the project. not sure
Okay, I guess you don't need it :-) With impersonation ASP.NET Web
application would access the file system using as the user "myDomain
\testuser". Maybe this is the reason of a login prompt. Either remove
that section, or set

<identity impersonate="false" />

More about impersonation
http://msdn2.microsoft.com/en-us/library/aa292118.aspx

Now, try to set

<authorization>
<allow users="*"/>
<authorization>

Make sure that your account has access

Set up an access rule for specific group (your user must be a member
of that group)

<authorization>
<allow roles="DOMAIN\group"/>
<deny users="*"/>
<authorization>

See what happens

May 25 '07 #8

P: n/a
Tom
still prompted for ID and Password.

"Alexey Smirnov" <al************@gmail.comwrote in message
news:11*********************@w5g2000hsg.googlegrou ps.com...
On May 25, 8:08 pm, "Mike" <whyamih...@gmail.comwrote:
> 1. Why do you set impersonation? Do you need it?
Not sure, I just came on board for the project. not sure

Okay, I guess you don't need it :-) With impersonation ASP.NET Web
application would access the file system using as the user "myDomain
\testuser". Maybe this is the reason of a login prompt. Either remove
that section, or set

<identity impersonate="false" />

More about impersonation
http://msdn2.microsoft.com/en-us/library/aa292118.aspx

Now, try to set

<authorization>
<allow users="*"/>
<authorization>

Make sure that your account has access

Set up an access rule for specific group (your user must be a member
of that group)

<authorization>
<allow roles="DOMAIN\group"/>
<deny users="*"/>
<authorization>

See what happens

May 25 '07 #9

P: n/a
Tom
still prompted,
what would happen if I set ther username and password under:

IIS -->website --properties --directory security --Edit

and add the username and pwd I want my site to run under as?

would that work for the impersonation or no?

"Alexey Smirnov" <al************@gmail.comwrote in message
news:11*********************@w5g2000hsg.googlegrou ps.com...
On May 25, 8:08 pm, "Mike" <whyamih...@gmail.comwrote:
> 1. Why do you set impersonation? Do you need it?
Not sure, I just came on board for the project. not sure

Okay, I guess you don't need it :-) With impersonation ASP.NET Web
application would access the file system using as the user "myDomain
\testuser". Maybe this is the reason of a login prompt. Either remove
that section, or set

<identity impersonate="false" />

More about impersonation
http://msdn2.microsoft.com/en-us/library/aa292118.aspx

Now, try to set

<authorization>
<allow users="*"/>
<authorization>

Make sure that your account has access

Set up an access rule for specific group (your user must be a member
of that group)

<authorization>
<allow roles="DOMAIN\group"/>
<deny users="*"/>
<authorization>

See what happens

May 25 '07 #10

P: n/a
Tom
I also gave my domain ID access to every folder for .net just to see if that
was an issue.

web site folder
asp.net temp files folder
and still prompted
"Alexey Smirnov" <al************@gmail.comwrote in message
news:11*********************@w5g2000hsg.googlegrou ps.com...
On May 25, 8:08 pm, "Mike" <whyamih...@gmail.comwrote:
> 1. Why do you set impersonation? Do you need it?
Not sure, I just came on board for the project. not sure

Okay, I guess you don't need it :-) With impersonation ASP.NET Web
application would access the file system using as the user "myDomain
\testuser". Maybe this is the reason of a login prompt. Either remove
that section, or set

<identity impersonate="false" />

More about impersonation
http://msdn2.microsoft.com/en-us/library/aa292118.aspx

Now, try to set

<authorization>
<allow users="*"/>
<authorization>

Make sure that your account has access

Set up an access rule for specific group (your user must be a member
of that group)

<authorization>
<allow roles="DOMAIN\group"/>
<deny users="*"/>
<authorization>

See what happens

May 25 '07 #11

P: n/a
On May 25, 8:46 pm, "Tom" <whyamih...@gmail.comwrote:
I also gave my domain ID access to every folder for .net just to see if that
was an issue.

web site folder
asp.net temp files folder

and still prompted
wait... still prompted with <allow roles="DOMAIN\group"/>

or with an access for everyone?

<authorization>
<allow users="*"/>
<authorization>

Sorry, but it was unclear for me

May 25 '07 #12

P: n/a
Tom
if I have this:
<allow roles="DOMAIN\group"/>
I'm prompted for username and password
if i have this:
<authorization>
<allow users="myDomain\testuser"/>
<authorization>

I'm prompted for username and password

if i have this:
<identity impersonate="true" userName="myDomain\testuser" password="1235"/>

again prompted for username and password.

no matter what I have i'm prompted for username and password
"Alexey Smirnov" <al************@gmail.comwrote in message
news:11**********************@h2g2000hsg.googlegro ups.com...
On May 25, 8:46 pm, "Tom" <whyamih...@gmail.comwrote:
>I also gave my domain ID access to every folder for .net just to see if
that
was an issue.

web site folder
asp.net temp files folder

and still prompted

wait... still prompted with <allow roles="DOMAIN\group"/>

or with an access for everyone?

<authorization>
<allow users="*"/>
<authorization>

Sorry, but it was unclear for me

May 25 '07 #13

P: n/a
On May 25, 9:37 pm, "Tom" <whyamih...@gmail.comwrote:
>
if i have this:
<identity impersonate="true" userName="myDomain\testuser" password="1235"/>
Please, switch the impersonation off, otherwise we will never never
find an answer ;-)

Using impersonation, ASP.NET executes using the identity of the user
userName. As I understood your initial question, you need to allow a
group to access the web page. And this can be done without
impersonation.

>
no matter what I have i'm prompted for username and password
Should I understand it that you don't have the access at all?

Even with "allow users to everyone"?

<authorization>
<allow users="*"/>
<authorization>

What I want to understand is your current configuration. As I told
you, I did a test with two users today and allow roles rule in the
web.config. It took me about 2 min to get stuff working

May 25 '07 #14

P: n/a
Tom
I have to do both. I need impersonation on for some web apps and some I can
have off.But I need both options and both working and no prompts for the
username and password if impresonation = true
"Alexey Smirnov" <al************@gmail.comwrote in message
news:11**********************@p77g2000hsh.googlegr oups.com...
On May 25, 9:37 pm, "Tom" <whyamih...@gmail.comwrote:
>>
if i have this:
<identity impersonate="true" userName="myDomain\testuser"
password="1235"/>

Please, switch the impersonation off, otherwise we will never never
find an answer ;-)

Using impersonation, ASP.NET executes using the identity of the user
userName. As I understood your initial question, you need to allow a
group to access the web page. And this can be done without
impersonation.

>>
no matter what I have i'm prompted for username and password

Should I understand it that you don't have the access at all?

Even with "allow users to everyone"?

<authorization>
<allow users="*"/>
<authorization>

What I want to understand is your current configuration. As I told
you, I did a test with two users today and allow roles rule in the
web.config. It took me about 2 min to get stuff working

May 25 '07 #15

P: n/a
On May 26, 12:09 am, "Tom" <m...@gmail.comwrote:
I have to do both. I need impersonation on for some web apps and some I can
have off.But I need both options and both working and no prompts for the
username and password if impresonation = true"Alexey Smirnov" <alexey.smir...@gmail.comwrote in message
Okay, I understand it.

Back to my question: do you have a login prompt having <allow
users="*"/?

May 25 '07 #16

P: n/a
Tom
no I don't. only if I specify a user at

<allow users="domain\testuser" />
and
<identity impersonate="true" userName="myDomain\testuser"
password="1235"/>

I'm prompted for and id and pwd with the above 2 configurations only.

If I have
<allow users="*"/I'm not prompted.


"Alexey Smirnov" <al************@gmail.comwrote in message
news:11*********************@g4g2000hsf.googlegrou ps.com...
On May 26, 12:09 am, "Tom" <m...@gmail.comwrote:
>I have to do both. I need impersonation on for some web apps and some I
can
have off.But I need both options and both working and no prompts for the
username and password if impresonation = true"Alexey Smirnov"
<alexey.smir...@gmail.comwrote in message

Okay, I understand it.

Back to my question: do you have a login prompt having <allow
users="*"/?

May 29 '07 #17

P: n/a
On May 29, 1:15 pm, "Tom" <whyamih...@gmail.comwrote:
no I don't. only if I specify a user at

<allow users="domain\testuser" />
and
<identity impersonate="true" userName="myDomain\testuser"
password="1235"/>

I'm prompted for and id and pwd with the above 2 configurations only.

If I have
<allow users="*"/I'm not prompted.
Hi Tom,

try to follow this document in MSDN
http://msdn2.microsoft.com/en-us/library/ms998358.aspx

Hope it helps to find your problem

Cheers!
May 29 '07 #18

P: n/a
I know this thread is a bit old, but it does not look like there was
ever a resolution.

One thing that popped to mind for me as to why you might still see a
login window for name and password when you have windows authentication
is if you are using a browser other than IE.

So far, IE is the only browser that allows complete pass-through
authenticated access using kerberos and/or NT authentication.

In my experience, all other browsers that even allow it, generally
require you to send username and password in basic authentication style.

Hope this helps

*** Sent via Developersdex http://www.developersdex.com ***
Dec 3 '07 #19

This discussion thread is closed

Replies have been disabled for this discussion.