ASP.Net Authenticate users from another trusted forest

Question

Hi, I want to authenticate users from another (trusted) forest in my Asp.Net application. So far, i've got this in my web.config:

<?xml version="1.0"?>
<configuration>
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <compilation debug="true" />
    <authentication mode="Windows" />
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>

My application is running on a server in domain A, in forest A. I want to restrict access to my application to a group in domain A. This group will be a 'domain local group'. This group will contain users from domain B in forest B. Forest B is trusted by forest A.

Having said all that, if there's a better way, let me know.

Thanks in advance

-update-

I've just tested it with users, and the User.Identity.Name does seem to be correct. Also, User.IsInRole seems to be giving me the expected results when checking if the user in the other forest is in my forest's domain local group. Still just need some luck getting the 'allow' and 'deny' thing to work in the web.config.

Answer 1

Ok, just worked for me, doing it like this:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Windows"/>
    <authorization>
      <allow roles="MYDOMAIN\MyDomainLocalGroup"/>

      <deny users="*"/>
      <deny users="?"/>
     </authorization>
  </system.web>
</configuration>

Amusingly, this is the plain normal way to do asp.net authentication, restricting users to only those in a certain group. I'm unsure why it didn't work the first time.