Home/ Questions/Q 8658025
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T15:39:59+00:00

I have an ASP.NET Dynamic Data site that should only be accessible to administrators

  • 0

I have an ASP.NET Dynamic Data site that should only be accessible to administrators currently logged in and on the domain. I want the site to be able to tell who the user is based on their login and either allow or deny access without challenging for credentials. Due to the nature of a Dynamic Data site, I want to be certain no one else is finding their way in their so I’d like to manage authentication and authorization in IIS rather than the web.config. But no matter what I do, it denies access even as administrator.

Using IIS7 on a 64 bit Windows Server 2008 R2 Standard machine. When clicked on the site and go into Authentication, I have disabled all modes except Windows.

All three available providers are enabled in the following order:

Negotiate:Kerberos
Negotiate
NTLM

In Authorization, I have added a deny rule to deny anonymous users and then allow all users. Eventually will change that to allow role administrator but I can do that once I get this working.

What am I missing? If it matters, the web server, the domain controller, the file server the pages are on are all on the same domain.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You may want to use this little snippet of code:

    Public Function GetGroups() As ArrayList
    Dim groups As New ArrayList()
    For Each group As System.Security.Principal.IdentityReference In System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups
        groups.Add(group.Translate(GetType(System.Security.Principal.NTAccount)).ToString())
    Next
    Return groups
End Function

    This returns all the groups the current windows user is part of, that way you can check if the admin group is in the array list and just redirect them if not.

    So drop the other access deny/allow and use whether or not they are in the admin group to determine access.

    You will need to make sure that the following is in your config file:

    <system.webServer>
...etc
  <security>
...etc
    <authentication>
      <windowsAuthentication enabled="true" />
    </authentication>
...etc
  </security>
...etc
</system.webServer>
    • 0