Web Connection
Admin.aspx permissions
Gravatar is a globally recognized avatar based on your email address. Admin.aspx permissions
  Stein Goering
  All
  Feb 14, 2018 @ 08:41pm

I can attest that the updated Admin page does indeed prevent access to any of the functional links if you are not authenticated.

Problem is now I can't figure out how to get authenticated. I have set the permissions as shown: That would seem to match what's suggested in your docs since IUSR is excluded. But I do not get a login dialog when attempting to open the page - it just comes up with the security warning...

What am I missing?

--stein

Gravatar is a globally recognized avatar based on your email address. re: Admin.aspx permissions
  Stein Goering
  Rick Strahl
  Feb 15, 2018 @ 06:23am

No, I'm seeing this when hitting it from a remote client: http://70.167.40.88/wconnect/admin/admin.aspx

Note that there's no SSL on that box so I can't use https - don't know if that makes a difference?

--stein

Gravatar is a globally recognized avatar based on your email address. re: Admin.aspx permissions
  Rick Strahl
  Stein Goering
  Feb 15, 2018 @ 12:04pm

Make sure Windows Authentication is enabled on the server and that you're using a valid account.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Admin.aspx permissions
  Stein Goering
  Rick Strahl
  Feb 16, 2018 @ 08:18am

Both Basic and Windows Authentication were active.

I had to explicitly Deny access to the admin folder for the IUSR accounts. Just removing them from the allowed list was apparently not enough to force the login dialog.

--stein

Gravatar is a globally recognized avatar based on your email address. re: Admin.aspx permissions
  Rick Strahl
  Stein Goering
  Feb 16, 2018 @ 01:08pm

Depends what other users are configured. If Everyone or Users are configured it often still works. Using Deny on IUSR is usually the best approach and is what's also shown in the help topic.

+++ Rick ---

© 1996-2024