I have been using IIS authentication to restrict the entry of several folders
and some of the application are placed in these folders.
(For example, Intranet.aspx are put under a folder Intranet which requires a basic authentication on domain users)
Using the authentication, I have use a domain, eg. abc.hk, and there are many user/user group within abc.hk
and secondly, I have restricted the permission by setting the allowed user groups on the folder security (right click folder -->security/permission)
However, I found that, even I have set only the specific user under abc.hk is allowed to access the folder,
All user/user groups are still able to access the folder. (ie, the specific user setting is not effective, everyone within the domain can go into it)
Anyone can help me to solve this issue?
The below is the user list I have set allowed to access the folder:
If you use role manager app, you can createaccess
rules for you site users. The following example grants access to user(Kim) and members of the
Admins role, and denies access to user(John, Unless
John is included in the Admins role) and to all anonymous users:
however if I have a group of people which is call "Intranet_User"
say:
HKUST\me
HKUST\he
HKUST\she
When I put user="Intranet_User", it seems cannot pass the authentication with any of the account
and if i put roles="Intranet_User", it gives me the below error:
Any idea on the issue..? I think the right way is to use roles if i have a group of ser in the computer management panel..
Insufficient access rights to perform the operation. (Exception from HRESULT: 0x80072098)
Description:An
unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details:System.Runtime.InteropServices.COMException: Insufficient access rights to perform the operation. (Exception from
HRESULT: 0x80072098) Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
For my own testing, i set it as * now
If i do something like <allow users="HKUST\bac"/>
it can block others and allow bac only, however I want to make it to group access (so that user can just add in the server comp management, instead of changing code..)
Bee90124
Member
33 Points
73 Posts
authentication with IIS, using the doamin user authentication (?)
May 08, 2012 05:16 AM|LINK
Hi All,
I have been using IIS authentication to restrict the entry of several folders
and some of the application are placed in these folders.
(For example, Intranet.aspx are put under a folder Intranet which requires a basic authentication on domain users)
Using the authentication, I have use a domain, eg. abc.hk, and there are many user/user group within abc.hk
and secondly, I have restricted the permission by setting the allowed user groups on the folder security (right click folder -->security/permission)
However, I found that, even I have set only the specific user under abc.hk is allowed to access the folder,
All user/user groups are still able to access the folder. (ie, the specific user setting is not effective, everyone within the domain can go into it)
Anyone can help me to solve this issue?
The below is the user list I have set allowed to access the folder:
Administrators
ASP.NET Machine Account (ASPNET)
IIS_WPG
Intranet_User(target group to allow access)
SYSTEM
LOCAL SERVICE
NETWORK
NETWORK SERVICE
Great Thanks!!
Frank Jiang ...
All-Star
16006 Points
1728 Posts
Microsoft
Re: authentication with IIS, using the doamin user authentication (?)
May 19, 2012 04:00 AM|LINK
Hi,
I would suggest you to enable Role Manager for your application:
http://msdn.microsoft.com/en-us/library/ff647401.aspx#paght000013_step3
If you use role manager app, you can create access rules for you site users. The following example grants access to user(Kim) and members of the Admins role, and denies access to user(John, Unless John is included in the Admins role) and to all anonymous users:
<location path="~/yourFolder/Intranet.aspx "> <system.web> <authorization> <allow users="Kim"/> <allow roles="Admins"/> <deny users="John"/> <deny users="?"/> </authorization> </system.web> </location>In addition, you can also reference this link:
use Authorization with ASP.NET Roles in IIS 7.x
Feedback to us
Develop and promote your apps in Windows Store
Bee90124
Member
33 Points
73 Posts
Re: authentication with IIS, using the doamin user authentication (?)
May 21, 2012 05:37 PM|LINK
Hi Frank
I have tried it, and it seems work well if i set
user="HKUST\me"
however if I have a group of people which is call "Intranet_User"
say:
HKUST\me
HKUST\he
HKUST\she
When I put user="Intranet_User", it seems cannot pass the authentication with any of the account
and if i put roles="Intranet_User", it gives me the below error:
Any idea on the issue..? I think the right way is to use roles if i have a group of ser in the computer management panel..
Insufficient access rights to perform the operation. (Exception from HRESULT: 0x80072098)
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServices.COMException: Insufficient access rights to perform the operation. (Exception from HRESULT: 0x80072098)
Source Error:
Stack Trace:
Frank Jiang ...
All-Star
16006 Points
1728 Posts
Microsoft
Re: authentication with IIS, using the doamin user authentication (?)
May 23, 2012 02:57 AM|LINK
Could you show this part of <authorization> in web.config? thanks
Feedback to us
Develop and promote your apps in Windows Store
Bee90124
Member
33 Points
73 Posts
Re: authentication with IIS, using the doamin user authentication (?)
May 23, 2012 05:34 PM|LINK
<?xml version="1.0"?> <!-- 如需如何設定 ASP.NET 應用程式的詳細資訊,請造訪 http://go.microsoft.com/fwlink/?LinkId=169433 --> <configuration> <location path="Intranet" > <system.web> <authorization> <allow users="*"/> <!--<allow roles="STP121\Intranet_Users"/> <deny users="*"/>--> </authorization> <!--<identity impersonate="true"/>--> </system.web> </location> <location path="Admin" > <system.web> <authorization> <!--<allow roles="STP121\Intranet_Users"/>--> <deny users="?"/> </authorization> </system.web> </location> <connectionStrings> <add name="MSCISM" connectionString="msldap:// localhost: 389/CN=MSCISM, OU=MscismPartition,O=Mscism,C=HK"/> </connectionStrings> <system.web> <httpRuntime maxRequestLength="102400"/> <compilation debug="false" strict="false" explicit="true" targetFramework="4.0"> <assemblies> <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/> <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> </assemblies> </compilation> <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="RoleManagerMSCISMProvider" cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="30" cookieRequireSSL="true" cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All"> <providers> <add name="RoleManagerMSCISMProvider" type="System.Web.Security.AuthorizationStoreRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, publicKeyToken=b03f5f7f11d50a3a" connectionStringName="MSCISM" applicationName="MSCISM_APP"/> </providers> </roleManager> <customErrors mode="Off"/> </system.web> <system.webServer> <!--avoid compatibility issue, Force IE7--> <httpProtocol> <customHeaders> <clear/> <add name="X-UA-Compatible" value="IE=EmulateIE7"/> </customHeaders> </httpProtocol> <modules runAllManagedModulesForAllRequests="true"/> </system.webServer> </configuration>Bee90124
Member
33 Points
73 Posts
Re: authentication with IIS, using the doamin user authentication (?)
May 24, 2012 04:48 AM|LINK
Hi Frank , I also face error in executing the database with a logined user..