Why can my account in the Administrators group not access an ASP.NET page after I have allowed access only to administrators?

StackOverflow https://stackoverflow.com/questions/23577592

Question

Well, my question is pretty simple. I have an account "saqib" on Windows 7. I have added this account to the "Administrators" group. Now my requirement is that I want "saqib" to access an admin page in my ASP.NET application. I have enabled Windows authentication and disabled anonymous authentication in IIS 7. I have added a folder with an admin page in it to my application. I have also added a web.config file to this folder and added these settings.

<?xml version="1.0"?>
<configuration>
<system.web>
  <authorization>
    <allow roles="Administrators"/>
    <deny users="*"/>
  </authorization>
</system.web>
</configuration>

Now when I want to access this admin page by entering the username "saqib" and my password, I cannot access my admin page. Why?

However, I can access that admin page by using the Windows built-in "Administrator" account with the same settings in the web.config file. Why is this happening?

Solution

Please review this tutorial on MSDN to better understand your code.
The main problem is that you are not giving your admin account a chance to authenticate - you simply deny all the users in the last line.

So you have to use <deny users="?" />, as @Dust mentioned, not instead of <deny users="*" /> but before all the directives, like this:

<authorization>
  <deny users="?" />
  <allow roles="Administrators" />
  <deny users="*" />
</authorization>

Also make sure you've provided the authentication element for setting the auth mode for your application, for example:

<authentication mode="Forms" >
  <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" />
</authentication>

Other suggestions

Shouldn't it be <deny users="?" />? It's confusing what you're doing because you're denying all users, but a role of Admin is also a user, so it makes sense that it is not working.

The problem is with Windows UAC. Even if the logged-in account is an admin, UAC blocks the admin privilege and runs the admin user as a regular user, which is why you get the popup when you are installing some software and require elevation to admin.

I found a workaround here on Stack Overflow while tackling the same issue, but never got it to work in the web.config. See: "In .NET/C# test if process has administrative privileges".
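
The rule ordering and the UAC point raised in the answers above, as an added example that is not part of the original posts: a simplified Python model of ASP.NET's first-match URL authorization, run over both rule lists from the page. The principals and their role sets are constructed, and it assumes, as the UAC answer describes, that saqib's filtered token does not report membership of Administrators.

```python
# Simplified model of ASP.NET URL authorization: the first matching rule decides.
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    name: str                      # "" models an anonymous request
    roles: frozenset = frozenset()

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    users: tuple = ()
    roles: tuple = ()

    def matches(self, p: Principal) -> bool:
        for u in self.users:
            if u == "*" or (u == "?" and not p.name):
                return True
            if p.name and u.lower() == p.name.lower():
                return True
        return any(r in p.roles for r in self.roles)

# Inherited machine-level default that ends every rule list: <allow users="*"/>
DEFAULT = Rule("allow", users=("*",))

def is_allowed(rules, p: Principal) -> bool:
    for rule in (*rules, DEFAULT):
        if rule.matches(p):
            return rule.action == "allow"
    raise AssertionError("unreachable: DEFAULT matches everyone")

# The two rule lists from the page.
QUESTION_RULES = (Rule("allow", roles=("Administrators",)), Rule("deny", users=("*",)))
ANSWER_RULES = (Rule("deny", users=("?",)),) + QUESTION_RULES

# Constructed principals; role sets are assumptions about what each token reports.
PRINCIPALS = (
    Principal(""),                                                # anonymous
    Principal("Administrator", frozenset({"Administrators"})),    # built-in account
    Principal("saqib", frozenset({"Users"})),                     # UAC-filtered token
)
SAQIB_ELEVATED = Principal("saqib", frozenset({"Users", "Administrators"}))

def decisions(rules):
    return {p.name or "(anonymous)": is_allowed(rules, p) for p in PRINCIPALS}

if __name__ == "__main__":
    for label, rules in (("question", QUESTION_RULES), ("answer", ANSWER_RULES)):
        print(label, decisions(rules))
```

In this model both rule lists produce the same decisions; the outcome for saqib changes only when the role set on the token includes Administrators.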

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow