I created a website that uses the aspnet tables (aspnet_User, aspnet_Roles, UsersInRoles, application) to perform authentication. I've also enabled windows authentication. What I didn't realize I have to do is give user access to the website folder.
Can someone please provide a link that explains how the authentication works? Why does the user need access to the folder? Is that userid authenticated by IIS? If that's the case do I need to provide another authentication on the database level?
I created a website that uses the aspnet tables (aspnet_User, aspnet_Roles, UsersInRoles, application) to perform authentication. I've also enabled windows authentication.
This sounds like two contradictory things: the membership tables are used if you're using forms authentication. AD is used if you're using windows authentication. They are mutually exclusive. So which one are you using -- forms or windows?
Sorry what does AD stand for? In the web.config authentication mode is windows. It probably makes sense to do both as I have roles for the web application. The aspnet tables will allow me to authentication the user against the role.
Roles do not authenticate the user. The role provider allows you to load role information for the authenticated user and in your case the user is authenticated against AD. It then sounds like you're not using membership.
I'm not certain (I don't think i have enough info), but my guess is that you have the FileAuthroization module enabled which is checking the DACL on the files in the folder against the authenticated windows user. In other words, in ASP.NET when using windows
authentication, the system checks the normal file system security. You can either: 1) disable that module to disable this behavior/feature, or 2) change the files on the webserver to allow all users read access.
rds80
Member
52 Points
158 Posts
Access to IIS
Dec 26, 2012 02:14 PM|LINK
I created a website that uses the aspnet tables (aspnet_User, aspnet_Roles, UsersInRoles, application) to perform authentication. I've also enabled windows authentication. What I didn't realize I have to do is give user access to the website folder.
Can someone please provide a link that explains how the authentication works? Why does the user need access to the folder? Is that userid authenticated by IIS? If that's the case do I need to provide another authentication on the database level?
BrockAllen
All-Star
27438 Points
4893 Posts
MVP
Re: Access to IIS
Dec 26, 2012 03:21 PM|LINK
This sounds like two contradictory things: the membership tables are used if you're using forms authentication. AD is used if you're using windows authentication. They are mutually exclusive. So which one are you using -- forms or windows?
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
rds80
Member
52 Points
158 Posts
Re: Access to IIS
Dec 26, 2012 06:57 PM|LINK
Sorry what does AD stand for? In the web.config authentication mode is windows. It probably makes sense to do both as I have roles for the web application. The aspnet tables will allow me to authentication the user against the role.
BrockAllen
All-Star
27438 Points
4893 Posts
MVP
Re: Access to IIS
Dec 26, 2012 07:39 PM|LINK
AD == "Active Directory"
Roles do not authenticate the user. The role provider allows you to load role information for the authenticated user and in your case the user is authenticated against AD. It then sounds like you're not using membership.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
BrockAllen
All-Star
27438 Points
4893 Posts
MVP
Re: Access to IIS
Dec 26, 2012 07:42 PM|LINK
And then to answer your original question, here are some articles on windows authentication and authorization:
http://support.microsoft.com/kb/323176
http://msdn.microsoft.com/en-us/library/ms998358
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
rds80
Member
52 Points
158 Posts
Re: Access to IIS
Dec 26, 2012 08:14 PM|LINK
I see what you're saying. Thanks.
rds80
Member
52 Points
158 Posts
Re: Access to IIS
Dec 26, 2012 08:53 PM|LINK
Can you please help me understand why I need to give users access to the website folder?
BrockAllen
All-Star
27438 Points
4893 Posts
MVP
Re: Access to IIS
Dec 26, 2012 09:34 PM|LINK
I'm not certain (I don't think i have enough info), but my guess is that you have the FileAuthroization module enabled which is checking the DACL on the files in the folder against the authenticated windows user. In other words, in ASP.NET when using windows authentication, the system checks the normal file system security. You can either: 1) disable that module to disable this behavior/feature, or 2) change the files on the webserver to allow all users read access.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/