I have a web app that I wish to limit execution access to a universal
security group during beta test...

I've tried restricting permissions using ntfs, the virtual directory
and the net.config file (which I assume will not work as this is not a
vb.net app).

So far, access is still universal. Any ideas?


HankC

Hi Hank,

Did you disabled anonymous access on the virtual folder in question? You
should disable anonymous access and enable Integrated Windows
Authentication. Then, on the physical folder, set the NTFS permissions
required for the group. Wihout anonymous access, as soon someone request the
protected resource, IIS will respond with a 401, and your browser will take
care of authentication proccess. In case of IE it will try the current
credentials of the logged on user before prompting for username/password. To
make sure who is the user accessing the resource check the IIS log files.

Cheers,

Eric.

[quoted text, click to view]