允许所有活动目录中的用户使用Windows身份验证访问IIS上的网站

Question

I have an asp.net website hosted on IIS 8.5 which uses windows authentication to login.

I have changed the authentication to windows as shown below: Windows authentication enabled

I have also made the necessary changes in web.config file to allow all users from my organization access the website.

<authentication mode="Windows" />
<authorization>      
  <allow users="*" />
  <deny users="?" />
</authorization>

The website works, however for some reason, only the users who's windows account has access to the server on which IIS is hosted can access the website.

The website has to be accessed by everyone in my organization. I think there should be some setting where I have to add the AD domain or some other issue which I am not able to find.

Please suggest, Thanks.

Answer 1

I had the same issue and just resolved it by changing the security configuration of the root folder of the website (when logged in the web server, right-click on the root folder eg wwwroot, select properties, security tab, then check the groups who has read permission). Since in your case RDP users are allowed to access, in that list you probably already have an element like "hostname\\Administrators" or "hostname\\Remote Desktop Users". In my case it was enough to add the "hostname\\Users" record to the list and giving it read, read & execute and list folder content permissions.