windows authentication

[Otto]

I have an ASP.NET app developed under CLR 1.0 that uses Windows
Authentication. The individual pages grant permission to the appropriate
groups. Over time, after the application has run for a while, users will
start to be prompted for userid and password information even though prior
to that point in time they weren't prompted on the same pages. We've
recently upgraded to CLR 1.1 on this server but have dropped this app back
to CLR 1.0 and still have the same problem. Strangely, modifying a file in
the application will cause the problem to go away for a while but then it
returns (presumably ASP.NET refreshes its image of the app).

Any ideas on this one?

 

[Peter O'Reilly]

This is an issue with your IIS settings for your virtual directory (web
application).
While in the IIS ISM console,
- open up the property pages for your virtual directory
- under the (Directory) Security tab
- authentication methods.
- check to see that you have annon access checked off

Hope this helps.

 

[Otto]

Yep, anonymous is already off. Only Windows authentication is on....

 

[Peter O'Reilly]

And in your web.config file you have the identity attribute impersonate set
to false and authentication mode set to none?

 

[Otto]

Thanks, this pointed me in the right direction. I did need the
authentication mode set to Windows but added the groups I wanted to manage
into the <allow roles=.../> and that allowed me to simplify the ACL mess I
had on the files.

O

 

[Peter O'Reilly]

--
Peter O'Reilly