Limit file access to specific users in IIS
https://stackoverflow.com/questions/277695
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm running an ASP.NET web site on IIS 6.0 (Windows 2003), and the site uses "integrated windows authentication". The IWA configuration is not a must (until now), but is configured anyway. The application pool runs as the "Network Service". Also, in web.config, there's the line "". The problem I'm facing now is that there's a new request to limit access to a specific page, so that only a limited number of users (a single group in the active directory) could gain access to it.
I've been trying to change NTFS permissions on that file, but this doesn't work, as IIS is using "Network Service" to access the file, regardless the rest of the permissions. Removing "Network Service" (or the "Users" group) from the ACL, would cause the page not to work at all.
So how can I limit access to a specific page, only for specific users?
Solution
You can use the following in your web.config:
<configuration>
<location path="ProtectedPage.aspx">
<system.web>
<authorization>
<allow users="SomeUser"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
