lunedì 20 maggio 2013

Is it possible in IIS to set up a site in IIS and only let users of a certain AD Group get access to it?

http://serverfault.com/questions/352647/restrict-access-to-iis-site-to-an-ad-Group
Is it possible in IIS to set up a site in IIS and only let users of a certain AD Group get access to it?

The following should work, depending on your IIS version. You'll need to add a web.config if you don't have one (though you should on IIS7) in the directory root of your site. The below will allow Domain Admins and deny Domain Users (fairly self explanatory). Make sure you line up the config sections if you already have a section, etc.
<configuration>
  <location path="MyPage.aspx/php/html">
      <system.web>
         <authorization>
            <allow users="DOMAIN\Domain Admins"/>
            <deny users="DOMAIN\Domain Users"/>
         </authorization>
      </system.web>
   </location>
</configuration>
You will need Windows Authentication enabled under Authentication in your site preferences for this to work, obviously, but I assume you already have this enabled.
share|improve this answer
Above does not work in IIS7 you need to use the role attribute, also if you want to restrict the whole site you dont need the location element
<authorization>
  <allow roles="DOMAIN\Domain Users"/>
  <deny users="*" />
</authorization>

Nessun commento: