Windows Groups/Roles Security in asp.net

[Dale]

I have a problem with implementing windows groups as a
form of role based security.

I have implemented it exactly as described in
http://support.microsoft.com/?id=323176

I am running Windows 2000 Server and ASP.NET framework
1.1 we are using Active Directory for groups. IIS is
setup for windows authentication

When I use the following syntax. It doesn't work
<authentication mode="Windows" />
<authorization>
<allow roles="domainname\WEB Group" />
<deny users="*" />
</authorization>

However if i do it by user it does work e.g.
<authentication mode="Windows" />
<authorization>
<allow users="domainname\dale" />
<deny users="*" />
</authorization>

I have also tried with and without the impersonation tag
<identity impersonate="true" />

I have noticed other similiar posts but I havent seen any
conclusive answers to this problem.

Any help would be greatly appreciated

Thanks

Dale

 

[Bob Grommes]

Perhaps you should use "deny roles" in conjunction with "allow roles" rather
than "deny users"?

Make sure you've disabled anonymous users in IIS for this app -- although if
it's working for specific users, I suppose that you have.

I have authenticated by role programmatically without reliance on a config
file and that works fine. I just created a static method in Global.asax and
call that as the first order of business on every page that requires
authorization:

Global.AuthorizeUser(this);

The AuthorizaUser routine will just check IsInRole() as appropriate for that
page. If they aren't authorizeable it takes them to a "not authorized"
page.

Hope this is of some help.

--Bob

 

[eRic]

I was having exactly the same problem. Then I found a somewhat realated
issue on another forum that some suggested logging off the network and
trying it again. That worked for me. Now I have an AD group
roles="DOMAINNAME\GroupName" in my authorization element and it works great.
I did have to reboot my machine (maybe just log off?) to get it to work.