SharePoint Forms Site Administrator Access Denied

active-directory, sharepoint

I have an SSL web app with default and internet authentication providers. The default zone is set up to use the Windows authentication type. I've set up the internet zone to use forms. I'm using Active Directory for my provider. When I try to sign in with a site collection administrator, I get an access denied error that states "you are currently logged in as: user". It's hitting Active Directory and seeing I'm a legit user, but then it's saying I don't have rights for the site, even though I double/triple checked that it's the site admin.

My googling skills are not sufficient for solving this one. Any suggestions?

In case I flubbed the web.config, here's what I have for the site and central administration:

    <connectionStrings>
      <add name="ADConnectionString" 
         connectionString="LDAP://000.000.00.0/DC=myDomain,DC=local"/>
    </connectionStrings>

    <membership defaultProvider="ADProvider">
      <providers>
        <add name="ADProvider" 
           type="System.Web.Security.ActiveDirectoryMembershipProvider, 
           System.Web, Version=2.0.0.0, Culture=neutral, 
           PublicKeyToken=b03f5f7f11d50a3a" 
           connectionStringName="ADConnectionString" 
           connectionUsername="user" connectionPassword="password" 
           attributeMapUsername="SAMAccountName" />
      </providers>
    </membership>

Best Answer

Becky,

Even though you're logging in with the site admin account, there isn't account equivalence between zones due to the difference in authentication providers -- even though they have the same backing store (AD).

To get yourself in through your FBA-extended Internet zone to do the work you'll need, I'd recommend setting up a full-access web policy for your admin account:

  1. Go into Central Admin
  2. Navigate to Application Management > Policy for Web Application
  3. Select Add Users
  4. Make sure the desired web application is selected (upper right)
  5. Select the Internet zone (at a minimum) or (All zones).
  6. Specify your account and give it Full Control
  7. Hit Finish

This approach is commonly needed when you first extend a site to a different backing membership store or leverage a new auth provider. The rights granted through a web application policy supersede any that might be specified in the site collection (if there is a conflict) and give you the first entry point into the desired site collection if no other account/mapping has valid access.

I hope this helps!
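A scripted equivalent of the Central Admin steps above, as an added example that is not part of the original answer. It uses the SharePoint server object model from PowerShell on a farm server, then lists every policy entry on the zone so the Full Control grant can be reviewed. The URL, account and display name are placeholders, and the `ADProvider:<user>` login format assumes classic forms authentication with the provider name from the question's web.config.

```powershell
# Added example: run on a farm server as a farm administrator.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$webAppUrl = "https://sharepoint.example.local"  # placeholder web application URL
$login     = "ADProvider:siteadmin"              # assumed format: <membership provider>:<user>
$display   = "Site Admin (FBA)"                  # placeholder display name

$zone   = [Microsoft.SharePoint.Administration.SPUrlZone]::Internet
$webApp = [Microsoft.SharePoint.Administration.SPWebApplication]::Lookup([Uri]$webAppUrl)
if ($null -eq $webApp) { throw "No web application found at $webAppUrl" }

$policies = $webApp.ZonePolicies($zone)

# Add the entry only if this login has no policy on the zone yet.
$existing = $policies | Where-Object { $_.UserName -eq $login }
if (-not $existing) {
    $fullControl = $webApp.PolicyRoles.GetSpecialRole(
        [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl)
    $entry = $policies.Add($login, $display)
    $entry.PolicyRoleBindings.Add($fullControl)
    $webApp.Update()   # persist the change to the configuration database
}

# Review: a web application policy overrides site collection permissions,
# so print every account and role bound to this zone.
foreach ($p in $webApp.ZonePolicies($zone)) {
    $roles = [string]::Join(", ", @($p.PolicyRoleBindings | ForEach-Object { $_.Name }))
    "{0,-40} {1}" -f $p.UserName, $roles
}
```

Once a forms account has been made a site collection administrator in the normal way, the policy entry can be removed again so the farm-wide Full Control grant does not linger.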