P
poi
I have a Win2K and Win2K web servers with Local Groups that contain
domain users and domain groups from a foreign trusted domain.
In the web config for the application, the web.config has this:
<identity impersonate="true"/>
<authentication mode="Windows"/>
<authorization>
<allow users="WebApp Users,Administrators" />
<deny users="*" />
<deny users="?" />
</authorization>
The local Administrator cannot log on, foreign-domain users cannot log
on, and a test local user I made and put into "WebApp Users
cannot log on either. I am trying to layer the permissions to allow
only local group members "WebApp Users" and "Administrators" in and deny
anonymous. Why doesn't that work?
And changing the settings to this allows everyone in, why aren't Roles
equivalent to Local Groups?
<identity impersonate="true"/>
<authentication mode="Windows"/>
<authorization>
<allow roles="FileTracker UI
Logon,Administrators,Users,Interactive" />
<deny users="?" />
</authorization>
Thanks!
domain users and domain groups from a foreign trusted domain.
In the web config for the application, the web.config has this:
<identity impersonate="true"/>
<authentication mode="Windows"/>
<authorization>
<allow users="WebApp Users,Administrators" />
<deny users="*" />
<deny users="?" />
</authorization>
The local Administrator cannot log on, foreign-domain users cannot log
on, and a test local user I made and put into "WebApp Users
cannot log on either. I am trying to layer the permissions to allow
only local group members "WebApp Users" and "Administrators" in and deny
anonymous. Why doesn't that work?
And changing the settings to this allows everyone in, why aren't Roles
equivalent to Local Groups?
<identity impersonate="true"/>
<authentication mode="Windows"/>
<authorization>
<allow roles="FileTracker UI
Logon,Administrators,Users,Interactive" />
<deny users="?" />
</authorization>
Thanks!