SSSeybert-8801 avatar image
0 Votes"
SSSeybert-8801 asked SamWu-MSFT commented

<authorization> <allow users="*" /> <deny users="?" /> </authorization> not responding as expected

The code worked last Tuesday, 9/28/2021. Something happened on GoDaddy related to our database that caused a problem and our site crashed. GoDaddy corrected the problem which they claim to be nonrelated. When I remove all "allow" and "deny" lines of code throughout the web.config, the site will run but the whole world has access to our site since there are no permissions. Anyone who puts our site's URL in a browser will have access to all.

When I put the line: <deny users="?" />

I get a 401.2 error.

The settings in IIS and look fine, the framework version (4.8.whatever) and that the authentication mode on both IIS and in the web.config file are set to "none" (because the username/password pairs are stored as cleartext in the web.config file itself)

Any ideas as to why I might be getting these errors?

· 8
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I am at a stand still. Can anyone send me in the right direction?

0 Votes 0 ·

@SSSeybert-8801 the <allow user="*" /> mean that allow all the user, the <deny user="?" /> mean that deny the unauthenticated user, what is your purpose for doing this? usually we use the following configuration to allow access as John and deny access to all other users. and can you post detailed error information about 401.2?

   <allow users="John"/>
   <deny users="*"/>

0 Votes 0 ·

I have tried both <deny users="*"/> & <deny users="?"/>
I was told the "?" was for all anonymous users.
The error is:

Server Error in '/' Application.
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.

Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.8.4330.0

I am looking to pay someone if necessary to help me.

0 Votes 0 ·

I am looking for someone to help me with this...anyone???

0 Votes 0 ·
Show more comments

@SSSeybert-8801 Back to the original topic, what is the purpose of your configuration like this? If you only want to allow specific users to access the website, then you should follow my configuration above instead of this. or you can open a case via:

0 Votes 0 ·
Show more comments

0 Answers