I want to use a local group to restrict access to an ASP.NET web application to local users.
I’ve created a Windows group (TestLocalGroup) and Windows user accounts and assigned them all to the new group. The group and accounts are on the IIS7 web server.
In my web.config, I can properly restrict access to specific users by defining the following settings…
<authentication mode="Windows" />
<authorization>
<allow users=".\TestLocalUser1,.\TestLocalUser2" />
<deny users="*" />
</authorization>
But I can’t seem to get it to work for the group. This code won’t allow my group members access…
<authentication mode="Windows" />
<authorization>
<allow roles=".\TestLocalGroup" />
<deny users="*" />
</authorization>
I don’t have any “roleManager” section. Do I need that?
Am I missing something? It seems like it should just work.
There were two problems.
1) It turns out that I had a different roleManager enabled on a parent web.config.
For my site I had to clear the roleManager to get the windows roles to work again.
2) As I was adding my users to the groups, there didn’t appear to be any immediate effect. I logged on and off as suggested by mellamokb (Thank you!). That didn’t make any difference, but it did point me to the correct solution; recycling my web site. I assume there is some timed credential cache and recycling the web site will clear it.