Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 910610 - Last Review: February 21, 2006 - Revision: 1.1
Users who are explicitly denied access to an ASP.NET Web application are still allowed access
SYMPTOMS
When you try to configure role-based permissions in a Microsoft
ASP.NET Web application, users who are explicitly denied access to the ASP.NET
Web application are still allowed access.
For example, you configure role-based
permissions in the Web.config file for the ASP.NET Web application as follows.
<authentication mode="Windows" />
<authorization>
<allow users="DOMAIN\UserA" />
<deny users="DOMAIN\UserB" />
</authorization>However, the ASP.NET Web application allows access for
UserB even though
you explicitly denied access for
UserB in the Web.config file for the ASP.NET Web application.
CAUSE
This problem occurs when Microsoft Windows SharePoint Services is
installed on the computer. The Windows SharePoint Services installation adds and
removes some HTTP modules from the Web.config file in the top-level content root folder (\Inetpub\wwwroot). These HTTP modules affect user
permissions.
WORKAROUND
To work around this problem, include the missing HTTP
modules in the Web.config file for the ASP.NET Web application. To do this, add
the following lines of code to the Web.config file for the ASP.NET Web application.
<httpModules>
<clear />
<add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule"/>
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule"/>
<add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule"/>
<add name="ErrorHandlerModule" type="System.Web.Mobile.ErrorHandlerModule, System.Web.Mobile, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<add name="OutputCache" type="System.Web.Caching.OutputCacheModule"/>
<add name="Session" type="System.Web.SessionState.SessionStateModule"/>
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
<add name="PassportAuthentication" type="System.Web.Security.PassportAuthenticationModule"/>
</httpModules>
APPLIES TO
- Microsoft .NET Framework 1.1
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please