
I have an ASP.NET application on a web server but I keep receiving an error about the login. We have a security group (in Active Directory) that I (and many others) are a member of. In an attempt to have the server allow members of this group to have access to the application I have done the following:

IIS 10, Windows Server 2016, SQL Server 2019

Web.config

Connection string - Integrated Security = true

<add name="SensitiveDataLogEntities" 
     connectionString="metadata=res://*/Models.SensitiveDataLogEntities.csdl|res://*/Models.SensitiveDataLogEntities.ssdl|res://*/Models.SensitiveDataLogEntities.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=MySqlServer;initial catalog=SensitiveDataLog;integrated security=True;Trusted_Connection=yes;MultipleActiveResultSets=True;App=EntityFramework&quot;" 
     providerName="System.Data.EntityClient" />

Allow role = SDL_Users

<system.web>
    <authentication mode="Windows"/>
    <authorization>
        <allow roles="SDL-Users"/>
    </authorization>
</system.web> 

As well as here:

<system.webServer>
   <security>
       <authorization>
           <add accessType="Allow" roles="SDL-Users" />
       </authorization>
   </security>
</system.webServer>

HomeController:

[Authorize(Roles =@"DOMAIN\SDL-Users")]
public ActionResult Index()

Web Server IIS

  • Authentication: Windows Authentication = Enabled
  • Application Pool Identity: ApplicationPoolIdentity

SQL Server security: group SDL-User is a db_datawriter to the database.

But when trying to view the app in Chrome, I get the following:

[image: screenshot of the error]

  • The default installation of IIS 7 and later does not include the Windows authentication role service. See this article: Adding Windows Authentication Providers. Commented Feb 17 at 15:23
  • Have you tried adding authenticationScheme=NTLM? Commented Feb 17 at 19:20
  • IIS already has Windows Authentication checked so that role service is included. Commented Feb 18 at 14:34
  • You have set the app pool identity to its default, which does not have enough permission to the SQL database. Could you try to set the domain account to the IIS app pool identity which has enough permission to access the database, or allow the IIS app pool identity access to the database? Could you share your whole web.config code here if it still does not work? Commented Feb 19 at 6:03
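
Added example, not part of the original thread: a T-SQL sketch of the "allow the IIS app pool identity access to the database" option from the last comment. It assumes SQL Server runs on a different host than IIS and that the app does not impersonate the caller, in which case ApplicationPoolIdentity reaches SQL Server as the web server's computer account; `DOMAIN\WEBSERVER$` is a placeholder for that account and the `db_datareader` grant is an assumption about what the app needs.

```sql
-- Added example. DOMAIN\WEBSERVER$ is a placeholder for the IIS host's
-- computer account; the database name is the one from the question.
-- Assumption: with integrated security and no impersonation, the SQL
-- connection is made as the app pool identity, not as the browsing user,
-- so membership of SDL-Users alone does not open the database.

USE master;
GO
-- 1. List the Windows principals that already have a server login.
SELECT name, type_desc, is_disabled
FROM sys.server_principals
WHERE type IN ('U', 'G')          -- U = Windows login, G = Windows group
ORDER BY name;
GO

-- 2. Create a login for the pool's network identity if it is missing.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'DOMAIN\WEBSERVER$')
    CREATE LOGIN [DOMAIN\WEBSERVER$] FROM WINDOWS;
GO

USE SensitiveDataLog;
GO
-- 3. Map the login to a database user and grant only the roles the app uses.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'DOMAIN\WEBSERVER$')
    CREATE USER [DOMAIN\WEBSERVER$] FOR LOGIN [DOMAIN\WEBSERVER$];
ALTER ROLE db_datareader ADD MEMBER [DOMAIN\WEBSERVER$];
ALTER ROLE db_datawriter ADD MEMBER [DOMAIN\WEBSERVER$];
GO

-- 4. Confirm the resulting role membership.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'DOMAIN\WEBSERVER$';
```

A computer-account login is shared by every service on that host that runs as LocalSystem, NetworkService or an app pool identity, so a dedicated domain account as the pool identity (the comment's other option) keeps the grant narrower.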
