ASP NET 1.1 authorization and IIS 6.0 application pools

V

vp

We have an ASP.NET 1.1 web service that has its own application pool
setup (in IIS 6.0) and that runs under the identity of a Windows
Domain account
(this is for security reason when accessing databases).

We allow only Integrated Widnows Authentication on the web service.

we are setting the impersonate to false as that is the only way the
application pool identity is used for the DB access.

<identity impersonate="false"/>


What we would like to also do is to restrict the web service access to
specific windows accounts. We tried doing with the authorization tags
but this does not seem to work. It seems to allows every Windows user
irrespective of the allow list.

The following is a snapshot of our webconfig. Any help is greatly
appreciated.

<system.web>
<trust level="Full" originUrl="" />
<authentication mode="Windows" />
<identity impersonate="false" />
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="off" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>

<location path="test.asmx">
<system.web>
<authorization>
<allow users ="Mydomain\user1" />
<deny users = "*"/>
</authorization>
</system.web>
</location>


We try to restrict access to the user Mydomain\user1 but every one is
able to still access the webservice
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,962
Messages
2,570,134
Members
46,690
Latest member
MacGyver

Latest Threads

Top