views:

916

answers:

1

I'm running an ASP.NET web site on IIS 6.0 (Windows 2003), and the site uses "integrated windows authentication". The IWA configuration is not a must (until now), but is configured anyway. The application pool runs as the "Network Service". Also, in web.config, there's the line "". The problem I'm facing now is that there's a new request to limit access to a specific page, so that only a limited number of users (a single group in the active directory) could gain access to it.

I've been trying to change NTFS permissions on that file, but this doesn't work, as IIS is using "Network Service" to access the file, regardless the rest of the permissions. Removing "Network Service" (or the "Users" group) from the ACL, would cause the page not to work at all.

So how can I limit access to a specific page, only for specific users?

+4  A: 

You can use the following in your web.config:

<configuration>
   <location path="ProtectedPage.aspx">
      <system.web>
         <authorization>
            <allow users="SomeUser"/>
            <deny users="?"/>
         </authorization>
      </system.web>
   </location>
</configuration>
duckworth
Alternately, you can specify roles instead of users, such as <allow roles="Admin"/>
DOK
Worked. Thanks. Actuall, I used <allow roles="DOMAIN\GROUP"/> and <deny users="*"/>.
Moshe