Portal Starter Kit authentication

  • Thread starter Thread starter .net user
  • Start date Start date
N

.net user

can some one point me what i'm doing wrong? I have spent half a day figuring
out and totally stuck now.

Here's what I'm trying to accomplish: I am writing a web appl - an intranet
portal site (based on the portal starter kit) and I want to apply role based
security to the site. - When the users type in the intranet URL, a windows
logon window would pop up and then users login with their NT credentials.
Based upon theie level of security they see the tabs on the portal.
Here's what I have accomplished so far:
1. Created new groups on the domain.
2. Turned on the authentication to "windows" in the web.config file of the
portal site.
3. Added
<authorization>
<allow roles = "doaminname\role1,doaminname\role4" />
<deny users="*">
</authorization>
in the web.config.
4. Added the LogOnID to the users table and the exact domain roles to the
Roles table.

However the wuthentication is not working correctly, the windows logon
prompt keeps poping.. and the app redirects to the AccessDenied page.

Your kind help is greatly appreciated.
 
.net user said:
can some one point me what i'm doing wrong? I have spent half a day figuring
out and totally stuck now.

Here's what I'm trying to accomplish: I am writing a web appl - an intranet
portal site (based on the portal starter kit) and I want to apply role based
security to the site. - When the users type in the intranet URL, a windows
logon window would pop up and then users login with their NT credentials.
Based upon theie level of security they see the tabs on the portal.
Here's what I have accomplished so far:
1. Created new groups on the domain.

Good for windows authentication.
2. Turned on the authentication to "windows" in the web.config file of the
portal site.

Also good for windows authentication.
3. Added
<authorization>
<allow roles = "doaminname\role1,doaminname\role4" />
<deny users="*">
</authorization>
in the web.config.

Looks fine so far.
4. Added the LogOnID to the users table and the exact domain roles to the
Roles table.

This sounds more like forms based authentication.
However the wuthentication is not working correctly, the windows logon
prompt keeps poping.. and the app redirects to the AccessDenied page.

Your kind help is greatly appreciated.

Here are the steps for windows.

1. Add the group in question (either to machine or domain).
2. Add users to group
3. Make sure the user is logging onto the domain
This is most likely where you problem is

Three options to fix:
1. Have user add domain name before user, like
USER BOX: DomainName\Username
PASSWORD BOX: Password

2. Set up the app to use the domain. This a dual edged sword.
a. Open Internet Services Manager
b. Goto Directory Security tab
c. Click the top edit button: Enable Anonymous Access ....
d. Use Basic authentication (the edge of the sword)
e. Cllick edit and add the domain name
Now, try logging on again with the name.
For the dual edge part. A person logging in can have their logon
compromised.

3. Make a local group(s) on the web server and use it.
a. Add domain group(s) to local group(s)
b. Change authentication to use the local group(s), not the domain (in
web.config)

This is standard windows. You add domain users to domain groups and then add
domain groups to local groups for access to the local machine. The rules can
be played a bit different in Active Directory, of course, but this will
still work.

NOTE: You can also add users to the local group and bypass the domain group
addition, if you feel you can manage it there. IN general, I would not
advise this.

I am sure there are others who can come up with even more options.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

**********************************************************************
Think Outside the Box!
**********************************************************************
 
Back
Top