How do I configure an application to allow only a certain NT group?

[qwert231]

I want to limit access to a web application to only certain Users in our NT/Active Directory database. I have turned off anonymous access and set the app to use Windows security, but it allows anybody with a log-in to log in. I want to deny certain groups, so I did:
<authorization>
<allow roles=&quot;BossGroup&quot; />
<deny users=&quot;?&quot; />
<deny roles=&quot;MyGroup&quot; />
</authorization>

What should I do to achieve the security I want?

 

[rveer]

Make sure you set the authentication mode to Windows in the web.config. I'm not quite sure from the top of my head what it should be, but there probably is a <!-- commented --> template on the default web.config.

 

[qwert231]

It should (and does) look like this:
<authentication mode=&quot;Windows&quot; />