ASP Net - <allow roles ...> does NOT work ???

03-23-2005, 02:53 PM

Hi,

I can't make <allow roles...> to work in web.config

I'm logging on as 'Administrator' and try to access a site for which the IIS-authentication method is set to 'Integrated Windows' only

Following are the web.config-entries of the site :
<authentication mode="Windows" />
<authorization>
<allow users="MYDOMAIN\Administrator" />
<deny users="*" />
</authorization>

When I access the site : --> no problem
Authenticated user: MYDOMAIN\Administrator

but changing web.config as follows gives me an "Access Denied"
<authentication mode="Windows" />
<authorization>
<allow roles="MYDOMAIN\Administrators" />
<deny users="*" />
</authorization>

And I double-checked that Administrator is a member of the Administrators-group
I tried with other users-roles and every time I allow only access to roles doesn't I have access ??
How come ?

Any ideas ?
thanks
Chris

************************************************** ********************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...

cmrchs@yahoo.com

03-23-2005, 03:39 PM

If you use BUILTIN\Administrators then it will check against the local machine's
groups (which Domain Admins should be a part of).

-Brock
DevelopMentor
http://staff.develop.com/ballen

> Hi,
>
> I can't make <allow roles...> to work in web.config
>
> I'm logging on as 'Administrator' and try to access a site for which
> the IIS-authentication method is set to 'Integrated Windows' only
>
> Following are the web.config-entries of the site :
> <authentication mode="Windows" />
> <authorization>
> <allow users="MYDOMAIN\Administrator" />
> <deny users="*" />
> </authorization>
> When I access the site : --> no problem
> Authenticated user: MYDOMAIN\Administrator
> but changing web.config as follows gives me an "Access Denied"
> <authentication mode="Windows" />
> <authorization>
> <allow roles="MYDOMAIN\Administrators" />
> <deny users="*" />
> </authorization>
> And I double-checked that Administrator is a member of the
> Administrators-group
> I tried with other users-roles and every time I allow only access to
> roles doesn't I have access ??
> How come ?
> Any ideas ?
> thanks
> Chris
> ************************************************** ********************
> Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
> Comprehensive, categorised, searchable collection of links to ASP &
> ASP.NET resources...

03-23-2005, 04:31 PM

Hi,

Great !!
BUILTIN\Administrators works

but why doesn't MYDOMAIN\Administrators work ?
it's what the docs/samples always say.

Chris

************************************************** ********************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...

03-23-2005, 03:39 PM	#2
Brock Allen Posts: n/a	Re: <allow roles ...> does NOT work ??? If you use BUILTIN\Administrators then it will check against the local machine's groups (which Domain Admins should be a part of). -Brock DevelopMentor http://staff.develop.com/ballen > Hi, > > I can't make <allow roles...> to work in web.config > > I'm logging on as 'Administrator' and try to access a site for which > the IIS-authentication method is set to 'Integrated Windows' only > > Following are the web.config-entries of the site : > <authentication mode="Windows" /> > <authorization> > <allow users="MYDOMAIN\Administrator" /> > <deny users="" /> > </authorization> > When I access the site : --> no problem > Authenticated user: MYDOMAIN\Administrator > but changing web.config as follows gives me an "Access Denied" > <authentication mode="Windows" /> > <authorization> > <allow roles="MYDOMAIN\Administrators" /> > <deny users="" /> > </authorization> > And I double-checked that Administrator is a member of the > Administrators-group > I tried with other users-roles and every time I allow only access to > roles doesn't I have access ?? > How come ? > Any ideas ? > thanks > Chris > ************************************************ ****************** > Sent via Fuzzy Software @ http://www.fuzzysoftware.com/ > Comprehensive, categorised, searchable collection of links to ASP & > ASP.NET resources...

03-23-2005, 04:31 PM	#3
cmrchs@yahoo.com Posts: n/a	Re: <allow roles ...> does NOT work ??? Hi, Great !! BUILTIN\Administrators works but why doesn't MYDOMAIN\Administrators work ? it's what the docs/samples always say. Chris ************************************************ ****************** Sent via Fuzzy Software @ http://www.fuzzysoftware.com/ Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

03-23-2005, 02:53 PM	#1
	<allow roles ...> does NOT work ??? Hi, I can't make <allow roles...> to work in web.config I'm logging on as 'Administrator' and try to access a site for which the IIS-authentication method is set to 'Integrated Windows' only Following are the web.config-entries of the site : <authentication mode="Windows" /> <authorization> <allow users="MYDOMAIN\Administrator" /> <deny users="" /> </authorization> When I access the site : --> no problem Authenticated user: MYDOMAIN\Administrator but changing web.config as follows gives me an "Access Denied" <authentication mode="Windows" /> <authorization> <allow roles="MYDOMAIN\Administrators" /> <deny users="" /> </authorization> And I double-checked that Administrator is a member of the Administrators-group I tried with other users-roles and every time I allow only access to roles doesn't I have access ?? How come ? Any ideas ? thanks Chris ************************************************ ****************** Sent via Fuzzy Software @ http://www.fuzzysoftware.com/ Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources... cmrchs@yahoo.com