Allow login to app using IIS only for some users

Susja 711 Reputation points
2020-09-12T02:17:50.65+00:00

I have an app, e.g. SL. It's running on Web Server using IIS.
SL has its own authentication method.
I don't want any user with an SL account to be able to log in. I want only those accounts that have Windows Authentication.
My goal:
1. create accounts in SL for a few users
2. enable Windows Authentication in IIS
3. list those users in IIS
My expectation: only users listed in IIS will be able to login into SL
I don't want to change web.config directly.
Could I use the Authorization Rules option? (see attachment: 24222-authorization-rules.png)

Thanks

Windows Server Security

7 answers

  1. Dave Patrick 426.1K Reputation points MVP
    2020-09-12T19:59:47.497+00:00

    You'll find the IIS experts over here in dedicated forums.
    https://forums.iis.net/

    --please don't forget to Accept as answer if the reply is helpful--

    1 person found this answer helpful.

  2. Vicky Wang 2,646 Reputation points
    2020-09-15T09:25:24.75+00:00

    Hi,
    Thank you for posting in our forum
    》》》My assumption is: if win_user01 wouldn't be granted access to 'directory' he would fail to login. Is it correct?
    According to my knowledge, this is OK.
    Hope this information can help you
    Best wishes
    Vicky

    1 person found this answer helpful.

  3. Susja 711 Reputation points
    2020-09-12T16:31:19.723+00:00

    Well .. the option I attached above I took from IIS 7.5 running on Windows 2008 R2.
    In my case I have Windows 2016 and IIS 10.0. It does not have "Authorization Rules" in the IIS section. It has "Authorization Rules" only in the ASP.NET section.
    Could you please advise how to handle my issue in IIS 10.0?
    Thanks


  4. Susja 711 Reputation points
    2020-09-12T18:59:29.403+00:00

    I added this element to web.config:

        <authorization>
          <allow users="abc\user1, abc\user2"/>
          <deny users="?"/>
        </authorization>

    But I got a 404 error. What did I do wrong?


  5. Susja 711 Reputation points
    2020-09-13T01:29:18.543+00:00

    @Dave Patrick - thanks for the heads-up. I asked my question on that forum.

    P.S. Since modifying web.config did not work for me I tried another approach.

    1. I created a user on app SL e.g. user1
    2. I changed Authentication in IIS and set "Windows Authentication" to enabled
    3. I went to the Security tab of the directory where my site is located, e.g. C:\inetpub\wwwroot\app, added a user, e.g. win_user01, and granted read, list folders and execute permission.

    Is my expectation of the workflow correct:
    user win_user01 is a valid user of our network, hence when he logs in to his client "Windows Authentication" will be in place.
    Next .. he opens the browser, e.g. Chrome, and tries to connect to the SL app. He will have to provide user1 creds and be able to log in.
    My assumption is: if win_user01 wouldn't be granted access to 'directory' he would fail to login. Is it correct?
    In other words … only users that are added to the directory and granted permission will be able to log in to the application. Is it correct?
    Thanks

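
Steps 2 and 3 of the approach in the last post, scripted in PowerShell with two checks afterwards; this is an added example, not code from the thread. The site name `Default Web Site` and the `ABC\` domain prefix are assumptions, and the script also turns Anonymous Authentication off, because while it is on a request is served as the anonymous account whenever that account can read the files.

```powershell
# Added example. $site and the ABC domain prefix are assumptions; run elevated.
Import-Module WebAdministration

$site    = 'Default Web Site'           # assumption: site that hosts the app
$appDir  = 'C:\inetpub\wwwroot\app'     # directory named in the post
$allowed = @('ABC\win_user01')          # constructed account name
$apphost = 'MACHINE/WEBROOT/APPHOST'    # writes applicationHost.config, not web.config
$auth    = 'system.webServer/security/authentication'

# Step 2: Windows Authentication on, Anonymous Authentication off, for the app only.
Set-WebConfigurationProperty -PSPath $apphost -Location "$site/app" `
    -Filter "$auth/windowsAuthentication" -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath $apphost -Location "$site/app" `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false

# Step 3: grant the listed Windows accounts read, list and execute on the directory.
$acl = Get-Acl -Path $appDir
foreach ($user in $allowed) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $user, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $appDir -AclObject $acl

# Check 1: the authentication settings now in effect for the app.
foreach ($mode in 'windowsAuthentication', 'anonymousAuthentication') {
    $on = (Get-WebConfigurationProperty -PSPath $apphost -Location "$site/app" `
        -Filter "$auth/$mode" -Name enabled).Value
    '{0,-24} enabled = {1}' -f $mode, $on
}

# Check 2: broad groups that can still read the directory. Any hit means the
# per-user grant above is not the only way through the NTFS check.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
(Get-Acl -Path $appDir).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $broad -contains $_.IdentityReference.Value } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

If a group such as `BUILTIN\Users` appears in the last output, every member of it passes the NTFS check, so the directory ACL restricts access only once such entries are removed. The application pool identity still needs its own read access to the directory.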