ASP.NET Windows Integrated Security

[warpped]

This is the first time I'm useing Integrated Security, and I am probably missing something silly.

I have IIS set to use Integrated Security and anonymous access is disabled.

My web.config file is set to:

<authentication mode="Windows" />
<authorization>
<allow roles="Domain Admins" />
<deny users="*" />

This causes the login prompt to appear when accessing the web form, and I cannot log in. I don't think that it is doing any real authentication. When I "allow" a specific user and "deny" another, anybody can get in.

Does anybody know what I could be missing?

Thanks

 

[Ecreations]

Your web.Config file should look like this

<system.web>
<authentication mode = "Windows"/>
<identity impersonate="true"/>

<authorization>
   <allow users = "*"/>
</authorization>
<!--Rest of your settings-->

</system.web>

Good luck

http://ecreationscanada.com

What would you attempt to accomplish if you knew you would not fail?

Prayers are like junk mail, hardly looked at.

 

[warpped]

Yes, that works. But, I do not want to make it available to all users. I need to deny access for all, and allow access for specified users/roles. I can get it to allow to all or deny to all, but I cannot deny to specific or allow to specific users.