windows authentication

[wh]

I'm having problems setting up a web application up to only allow access to
users in a specific Windows group:

<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
<allow roles="GroupToAllow"/>
<deny users="*"/>
</authorization>

where "GroupToAllow" is the Windows 2000 group containing all users that are
able to access the application.

It appears that I need to specify a domain name as well though no domain
exists as it's on a standalone server. I've tried the following

<allow roles="MACHINENAME\GroupToAllow"/>

but still the same problem.

Is there a solution? If not then I think I can get away checking whether the
user belongs to a Windows 2000 group at runtime in the page_load event
handler though don't know whether this is possible in .NET. Any ideas where
I can start looking?

Wayne.

 

[Paul Glavich]

Try this :-

<authentication mode="Windows"/>
<authorization>
<allow roles="MACHINENAME\GroupToAllow"/>
<deny users="*"/>
</authorization>

- Paul Glavich

 

[Harry Poulter]

I hada similar problem using "User.isInRole" until I used "BUILTIN" as the
domain for local groups, as in "BUILTIN\Group Name". Doesn't seem logical,
since these groups aren't "built in" but are local groups I created, but it
works. Using MACHINENAME did not.


Harry Poulter