ASP.NET + IIS6: whitelisted users via authorization section in web.config
Consider an IIS6 application on a website:
- Windows Authentication is enabled.
- anonymous disabled
It's an ASP.NET MVC app with scopes. The root web.config has authentication and authorization nodes as follows:
<authentication mode="Windows"></authentication>
<authorization>
<allow users="domain\abc, domain\xyz, domain\foo, domain\bar"/>
</authorization>
My identity is NOT on the list of allowed users. Entering the url in the browser, I can view and navigate all pages inside. I know I am being properly authorized as my Active Directory name appears on the site.
Problem: I have been granted access to a site.
Question: Using web.config, how can I restrict users based on their Windows credentials for this IIS6 application?
+2
source to share