Allow all users from active directory access website on IIS using windows authentication

2
votes

I have an asp.net website hosted on IIS 8.5 which uses windows authentication to login.

I have changed the authentication to windows as shown below: Windows authentication enabled

I have also made the necessary changes in web.config file to allow all users from my organization access the website.

<authentication mode="Windows" />
<authorization>      
  <allow users="*" />
  <deny users="?" />
</authorization>

The website works, however for some reason, only the users who's windows account has access to the server on which IIS is hosted can access the website.

The website has to be accessed by everyone in my organization. I think there should be some setting where I have to add the AD domain or some other issue which I am not able to find.

Please suggest, Thanks.

1
asp.netiisactive-directorywindows-authentication
What do you mean by "access to the server"? Access to RDP to the server?Gabriel Luci
"The website works, however for some reason, only the users who's windows account has access to the server on which IIS is hosted can access the website." What happens for the other users? idownvotedbecau.se/itsnotworkingLex Li
@GabrielLuci Yes, Users who's windows account have RDP access to the server (They all have Admin access) can access the website. But for other users who do not have RDP access, they keep seeing a username and password prompt which keeps poping up, even if credentials provided are right.M.F.
@LexLi Other users just keep seeing a popup which asks for username and password. Even if they enter their valid windows credentials, the popup keeps appearing without the website login screen ever loading.M.F.
Are there any restrictions on the other accounts that would prevent them from authenticating on that server (like the logon restrictions in AD Users and Computers). Logging into the website is technically logging on to the server, in a way.Gabriel Luci

1 Answers

1
votes

I had the same issue and just resolved it by changing the security configuration of the root folder of the website (when logged in the web server, right-click on the root folder e.g. wwwroot, select properties, security tab, then check the groups who has read permission). Since in your case RDP users are allowed to access, in that list you probably already have an element like "hostname\Administrators" or "hostname\Remote Desktop Users". In my case it was enough to add the "hostname\Users" record to the list and giving it read, read & execute and list folder content permissions.