Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Newbie: How to ensure only domain admin could use an ASP.NET web page

Reply
Thread Tools

Newbie: How to ensure only domain admin could use an ASP.NET web page

 
 
Navin Mishra
Guest
Posts: n/a
 
      08-04-2006
Hi,

I've built an administration application using ASP.NET. Now how I could
ensure only domain admin could use the ASP.NET web page ? I tried setting
window autentication for virtual directory security and aspz security and
add domain adminstartor in allowed users in allowed users in web.config.
When browing the aspx page I'm challenged for credentials and though I enter
them all right the authentication fails. Then I tried basic authnetication
using domain as realm and though I could access the page but it is
accessible by all domain users and not only Adminstrator which I want and
added in allowed users list.

What I may be missing ? How it could be accomplished ?

Thanks in advance and regards

Navin


 
Reply With Quote
 
 
 
 
Dominick Baier
Guest
Posts: n/a
 
      08-04-2006
Hi,

when you are adding <allow xxx /> elements to the authorization element,
you also have to explicitly end the list with a <deny users="*" />

read more about it here:

http://www.leastprivilege.com/ASPNET...nSettings.aspx

dominick

> Hi,
>
> I've built an administration application using ASP.NET. Now how I
> could ensure only domain admin could use the ASP.NET web page ? I
> tried setting window autentication for virtual directory security and
> aspz security and add domain adminstartor in allowed users in allowed
> users in web.config. When browing the aspx page I'm challenged for
> credentials and though I enter them all right the authentication
> fails. Then I tried basic authnetication using domain as realm and
> though I could access the page but it is accessible by all domain
> users and not only Adminstrator which I want and added in allowed
> users list.
>
> What I may be missing ? How it could be accomplished ?
>
> Thanks in advance and regards
>
> Navin
>



 
Reply With Quote
 
 
 
 
Navin Mishra
Guest
Posts: n/a
 
      08-04-2006
Thank you so much...it worked but only with using basic authentication mode
with domain in IIS. If I use windows authentication mode only, then it still
does not work.
--
Navin Mishra [Siemens]
HiPath OpenScape Channel Support Team (TST)
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
message news:(E-Mail Removed) m...
> Hi,
> when you are adding <allow xxx /> elements to the authorization element,
> you also have to explicitly end the list with a <deny users="*" />
>
> read more about it here:
>
> http://www.leastprivilege.com/ASPNET...nSettings.aspx
>
> dominick
>
>> Hi,
>>
>> I've built an administration application using ASP.NET. Now how I
>> could ensure only domain admin could use the ASP.NET web page ? I
>> tried setting window autentication for virtual directory security and
>> aspz security and add domain adminstartor in allowed users in allowed
>> users in web.config. When browing the aspx page I'm challenged for
>> credentials and though I enter them all right the authentication
>> fails. Then I tried basic authnetication using domain as realm and
>> though I could access the page but it is accessible by all domain
>> users and not only Adminstrator which I want and added in allowed
>> users list.
>>
>> What I may be missing ? How it could be accomplished ?
>>
>> Thanks in advance and regards
>>
>> Navin
>>

>
>



 
Reply With Quote
 
Dominick Baier
Guest
Posts: n/a
 
      08-05-2006
what's not working??

You definitely only grant access now to the specified groups...

dominick

> Thank you so much...it worked but only with using basic authentication
> mode with domain in IIS. If I use windows authentication mode only,
> then it still does not work.
>
> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
> in message news:(E-Mail Removed) m...
>
>> Hi,
>> when you are adding <allow xxx /> elements to the authorization
>> element,
>> you also have to explicitly end the list with a <deny users="*" />
>> read more about it here:
>>
>> http://www.leastprivilege.com/ASPNET...nSettings.aspx
>>
>> dominick
>>
>>> Hi,
>>>
>>> I've built an administration application using ASP.NET. Now how I
>>> could ensure only domain admin could use the ASP.NET web page ? I
>>> tried setting window autentication for virtual directory security
>>> and aspz security and add domain adminstartor in allowed users in
>>> allowed users in web.config. When browing the aspx page I'm
>>> challenged for credentials and though I enter them all right the
>>> authentication fails. Then I tried basic authnetication using domain
>>> as realm and though I could access the page but it is accessible by
>>> all domain users and not only Adminstrator which I want and added in
>>> allowed users list.
>>>
>>> What I may be missing ? How it could be accomplished ?
>>>
>>> Thanks in advance and regards
>>>
>>> Navin
>>>



 
Reply With Quote
 
Navin Mishra
Guest
Posts: n/a
 
      08-17-2006
It is working on another machine...not sure what is going on with machine on
which it is not working.

BTW how to ensure that users who are in only local adminstrator group could
use the web site ?

Thanks!

"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
message news:(E-Mail Removed) m...
> what's not working??
>
> You definitely only grant access now to the specified groups...
>
> dominick
>
>> Thank you so much...it worked but only with using basic authentication
>> mode with domain in IIS. If I use windows authentication mode only,
>> then it still does not work.
>>
>> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
>> in message news:(E-Mail Removed) m...
>>
>>> Hi,
>>> when you are adding <allow xxx /> elements to the authorization
>>> element,
>>> you also have to explicitly end the list with a <deny users="*" />
>>> read more about it here:
>>>
>>> http://www.leastprivilege.com/ASPNET...nSettings.aspx
>>>
>>> dominick
>>>
>>>> Hi,
>>>>
>>>> I've built an administration application using ASP.NET. Now how I
>>>> could ensure only domain admin could use the ASP.NET web page ? I
>>>> tried setting window autentication for virtual directory security
>>>> and aspz security and add domain adminstartor in allowed users in
>>>> allowed users in web.config. When browing the aspx page I'm
>>>> challenged for credentials and though I enter them all right the
>>>> authentication fails. Then I tried basic authnetication using domain
>>>> as realm and though I could access the page but it is accessible by
>>>> all domain users and not only Adminstrator which I want and added in
>>>> allowed users list.
>>>>
>>>> What I may be missing ? How it could be accomplished ?
>>>>
>>>> Thanks in advance and regards
>>>>
>>>> Navin
>>>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: How include a large array? Edward A. Falk C Programming 1 04-04-2013 08:07 PM



Advertisments