Security issues with web.config file

leearach2004

Technical User
Dec 8, 2005
86
GB
Hi there, hope someone can help, this is driving me up the wall.

I have created a web site using ASP.NET to be used as a school intranet site. This site is only to be accessible by administrators and teaching staff.

My site works fine using a virtual directory on a local machine and works fine when I upload it to the web server.

But when I change the permissions on the web folder using the Security tab, by removing the user group EVERYONE and adding ADMINISTRATOR and TEACHING STAFF, I get an error as follows:

Access denied to d:\...\...\...\...\web.config file

If I re-add the EVERYONE user group it works fine.

The problem I have is I only want admin and teaching staff to have access, and I don't want a login box, just straight access for admin and teachers and access denied for students.

Hope someone can help.

I am using Windows Server 2000
IIS 6.0
.NET Framework 1.1.4322

lee
 
The ASP.NET account needs access to read the file. That is the process that runs with IIS.

To restrict access to groups, you don't need to modify the ACL (permissions) on the web server files.

You should place a web.config in the root of the folder you want restricted as follows.

You can have many folders with many configs, each should override the previous, so your main site could allow all domain users, and the next subfolder only allow domain admins, i.e.

Code:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <customErrors mode="Off" />
    <authentication mode="Windows" />
    <identity impersonate="true" />
    <authorization>
      <!-- the rule the text after this block calls "the bolded part" -->
      <allow roles="DomainNameHere\Domain Admins, DomainNameHere\Teaching Staff"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

IIS will listen to and obey (yeah, yeah) the bolded part when you use Integrated Windows Authentication.

Put in your ASP.NET code the custom errors to redirect the people who don't have access somewhere else if they try, or they will get the pretty built-in access denied message.
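
An added illustration of the rule ordering described in the reply above (not part of the original thread and not ASP.NET's own code): a small Python model of how URL authorization reads allow/deny rules, most local web.config first, stopping at the first match and ending at the machine-level default allow. It goes slightly beyond the post by covering a parent config and a missing deny; the config strings are constructed, and trimming plus case-insensitive name matching are assumptions of the model.

```python
import xml.etree.ElementTree as ET

# Constructed configs modelled on the post's snippet.
STAFF = r"""<configuration><system.web><authorization>
  <allow roles="DomainNameHere\Domain Admins, DomainNameHere\Teaching Staff"/>
  <deny users="*"/>
</authorization></system.web></configuration>"""
ROOT = r"""<configuration><system.web><authorization>
  <allow roles="DomainNameHere\Domain Users"/>
  <deny users="*"/>
</authorization></system.web></configuration>"""
# Same as STAFF but with the trailing deny left out.
STAFF_NO_DENY = STAFF.replace('<deny users="*"/>', "")

# ASP.NET's machine-level default: the chain ends with "allow everyone".
MACHINE_DEFAULT = [("allow", ["*"], [])]


def _names(value):
    # Assumption of this model: entries are trimmed and compared case-insensitively.
    return [p.strip().lower() for p in value.split(",") if p.strip()]


def parse_rules(config_xml):
    """Return [(action, users, roles)] in document order."""
    rules = []
    for auth in ET.fromstring(config_xml).iter("authorization"):
        for el in auth:
            if el.tag in ("allow", "deny"):
                rules.append((el.tag, _names(el.get("users", "")),
                              _names(el.get("roles", ""))))
    return rules


def is_authorized(configs, user, roles):
    """configs: most local web.config first; user=None means anonymous."""
    chain = [r for c in configs for r in parse_rules(c)] + MACHINE_DEFAULT
    held = {r.lower() for r in roles}
    for action, users, rule_roles in chain:
        hit = ("*" in users
               or ("?" in users and user is None)
               or (user is not None and user.lower() in users)
               or any(r in held for r in rule_roles))
        if hit:  # the first matching rule decides; later rules are never read
            return action == "allow"
    return False
```

With `STAFF_NO_DENY` a student is not stopped in the subfolder: evaluation falls through to the parent's allow rule, or to the machine default when there is no parent rule.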
 
Hi there, thanks for the response.

I have tried this option you suggested already. I left the folder permissions to EVERYONE user group, then in the web.config file in the root folder of my site I did exactly what was described above.

This did restrict access, but to everyone, even those that were listed in the allow roles. So it always comes up with a login box, but not even administrator logins allow access.

Just says access denied to all accounts.

I'm hoping it's just something silly I am doing.

Hope this helps. If anyone needs more info, just let me know.

lee
 
Sorry for the delay, I was on vacation!

Hopefully you have the issue resolved. If not, can you post your web.config (take out identifiable info)? What is the URL of your site (change it a little to protect the innocent)? What is in your page_load event (calling a database at that point?)
 