Friday, August 26, 2011

IIS hosted Web site giving “Access denied” error when trying to access from remote machine


Make sure the person or group trying to access this site has proper access permission, you can do this in two ways
  1. From IIS
  2. In Web.Config
In IIS
  •       Open IIS (type “inetmgr” on Run)
  •       Clicks on hosted web site on the left panel
  •       On the right panel, clicks on the “.Net Authorization Rules” icon
  •       Add allow users or Roles
Correct Way: In follow way “user-1, user-2 and all members who comes under ‘group-1’ ” will be able to access this website


Wrong Way: In following way “user-2” will get “Access denied” error, in this way “deny” mode will skip “user-2”


Note:  “allow user” must be before “deny users” (Mode), Whenever you try to add new user it will add in the last and if you have “deny” all users already, then you cannot add new user from IIS, better you delete the deny users and then first add allow user and then add deny user.

  •        Again Clicks on hosted web site on the left panel
  •        Now clicks on “Authentication” icon and make “Window Authentication”  enabled
In Web.config

Correct Way: In follow way “user-1, user-2 and all members who comes under ‘group-1’ ” will be able to access this website


<configuration>
<system.web>
<authentication mode="Windows" />
<authorization>
  <deny users="?" />
  <allow roles="user-1" />
  <allow users="group-1" />
  <allow roles="user-2" />
  <deny users="*" />
authorization>
system.web>
configuration>

Wrong Way: In following way “user-2” will get “Access denied” error, in this way “deny” mode will skip “user-2”

<configuration>
<system.web>
<authentication mode="Windows" />
<authorization>
  <deny users="?" />
  <allow roles="user-1" />
  <allow users="group-1" />
  <deny users="*" />
  <allow roles="user-2" />
authorization>
system.web>
configuration>

No comments: