I want to limit access to a web application to only certain Users in our NT/Active Directory database. I have turned off anonymous access and set the app to use Windows security, but it allows anybody with a log-in to log in. I want to deny certain groups, so I did:
<authorization>
<allow roles="BossGroup" />
<deny users="?" />
<deny roles="MyGroup" />
</authorization>
What should I do to achieve the security I want?
<authorization>
<allow roles="BossGroup" />
<deny users="?" />
<deny roles="MyGroup" />
</authorization>
What should I do to achieve the security I want?