My mistake. The local Users group was populated with a domain group that
included the test accounts I was using-and that local Users group had
default modify permissions on my namespace directories.
In the end, then, using the settings you and Jonathan recommended worked
just as promised.
Thanks
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Bestul, Kurt
Sent: Friday, August 15, 2008 2:09 PM
To: FlexWiki Users Mailing List
Subject: Re: [Flexwiki-users] restricting group
accessinwindowsauthentication environment
What does the <identity impersonate="true"> tag purport to do? When I
use it, any user can log onto the site-regardless of whether the ntfs
permissions should be preventing it, but they get the "you do not have
permission to change this topic" message when they select to edit a
topic.
When I eliminate the <identity impersonate="true">, still any user can
log onto the site-regardless of whether the ntfs permissions should be
preventing it, AND they can edit topics.
And, yes, I've been stopping and restarting IIS & WWW with every
configuration tweak.
Thanks.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Davidson
Sent: Friday, August 15, 2008 1:24 PM
To: FlexWiki Users Mailing List
Subject: Re: [Flexwiki-users] restricting group access
inwindowsauthentication environment
Hi Kurt,
Did you restart IIS after making the changes?
IIS_WPG should not be playing any part in ability to change web pages,
at best this should only be a read privilege.
Try removing the <identity impersonate="true" /> line
John Davidson
On Fri, Aug 15, 2008 at 1:58 PM, Bestul, Kurt <[EMAIL PROTECTED]>
wrote:
The IIS_WPG group permissions should be left as-is for the namespace
directories, right?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Davidson
Sent: Friday, August 15, 2008 11:43 AM
To: FlexWiki Users Mailing List
Subject: Re: [Flexwiki-users] restricting group access in
windowsauthentication environment
Hi Kurt,
Under the scenario you are describing there is no need for any
<AuthorizationRules>. This is because you are limiting access to a
single group and that group has full access throughout the entire wiki
_and_ you are using Windows Authentication.
In your web.config file you should have
<system.web>
<aurthentication mode="Windows"/>
<authorization>
<deny users"?" />
</authorization>
<identity impersonate="true" />
</system.web>
Ensure that you enable Integrated Windows Authentication in the IIS
Directory Security dialog.
In addition you must change the security rights on the directories for
the namespace folders so that access for "ASPNET" or "NETWORK SERVICE"
is removed and the Windows Group is given the rights that "ASPNET" or
"NETWORK SERVICE" had (Modify). Finally ensure the same changes are made
to the file flexwiki.config in the root folder of the wiki.
If this is not complete or you are still having problems let us know
John Davidson
On Fri, Aug 15, 2008 at 11:59 AM, Bestul, Kurt <[EMAIL PROTECTED]>
wrote:
I am using windows authentication and want to control access to the
wiki. Specifically, I want to give full access--editing and
administration--to a single Active Directory group and deny all other
users any access to the wiki.
I can't quite decipher what syntax I should use in the
<AuthorizationRules> section of web.config to accomplish this. Any help
would be greatly appreciated.
------------------------------------------------------------------------
-
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the
world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Flexwiki-users mailing list
Flexwiki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flexwiki-users
------------------------------------------------------------------------
-
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the
world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Flexwiki-users mailing list
Flexwiki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flexwiki-users
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Flexwiki-users mailing list
Flexwiki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flexwiki-users
