Restricting access to a website on IIS with groups

iis-7, .net, windows-authentication

I'm trying to set up our websites to only allow access from users in certain AD groups using Windows authentication, but I can't seem to make it work. I've tried using IIS's authorization and restricting it to those groups only, but I don't have access from users that are in those groups. This seems like something that's supported, but I can't get it to work.

The pages are completely in .NET as well, so I've tried specifying

<identity impersonate="true"/>
<authentication mode="Windows" />
<authorization>
  <allow users="Domain\ProgramUsers"/>
  <deny users="?"/>
</authorization>

in the web.config but then it allows people in who aren't part of the Program Users group, which doesn't make a lot of sense to me.

Best Answer

I think you need to specify:

<deny users="*"/>

At the moment you're blocking access only to non-authenticated users, i.e. regardless of group membership.
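
Added example (not part of the original question or answer, and not ASP.NET's own code): a simplified Python model of first-match URL authorization, run over the question's rules and over a variant that ends in a deny-all rule. The account names, the use of the `roles` attribute to match the AD group, and the inherited allow-all default from the machine-level configuration are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Assumption: the machine-level default rule, appended after local rules.
INHERITED_DEFAULT = [("allow", "users", "*")]

# The rules from the question.
QUESTION_RULES = r'''<authorization>
  <allow users="Domain\ProgramUsers"/>
  <deny users="?"/>
</authorization>'''

# Variant: group matched through roles, then everyone else denied.
CORRECTED_RULES = r'''<authorization>
  <allow roles="Domain\ProgramUsers"/>
  <deny users="*"/>
</authorization>'''

def parse_rules(xml_text):
    """Return (action, attribute, value) tuples in document order."""
    rules = []
    for el in ET.fromstring(xml_text):
        for attr in ("users", "roles"):
            for value in el.get(attr, "").split(","):
                if value.strip():
                    rules.append((el.tag.lower(), attr, value.strip().lower()))
    return rules

def is_allowed(xml_text, user, groups=()):
    """First matching rule decides. user=None models an anonymous request."""
    groups = {g.lower() for g in groups}
    for action, attr, value in parse_rules(xml_text) + INHERITED_DEFAULT:
        if attr == "users":
            # "*" is everyone, "?" is anonymous, anything else is a user name.
            hit = (value == "*" or (value == "?" and user is None)
                   or (user is not None and value == user.lower()))
        else:
            hit = value in groups  # roles map to group membership
        if hit:
            return action == "allow"
    return False

if __name__ == "__main__":
    # Constructed accounts: alice is in the group, bob is not.
    for name, rules in (("question", QUESTION_RULES), ("corrected", CORRECTED_RULES)):
        print(name,
              "alice:", is_allowed(rules, r"Domain\alice", [r"Domain\ProgramUsers"]),
              "bob:", is_allowed(rules, r"Domain\bob"),
              "anonymous:", is_allowed(rules, None))
```

With the question's rules, an authenticated user outside the group matches neither local rule and falls through to the inherited allow, which is the behaviour the question describes.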