Windows Authentification with IIS and domain groups

Question

We have a web application (ASP.NET MVC) installed on IIS for one of our clients with Windows Authentication enabled.

The authentication is working perfectly but the problem is at the authorization level. The authorization type is role-based authorization.

So we have three levels of authorization: MISV_Administrator MISV_Normal MSIV_Readonly

If we create these groups locally on the same machine where IIS and our web application are installed and assigns domain users to them then the users are able to access our application. But if we create these same groups in the active directory as domain global groups and assigns the users to these ones instead then now the users receive an unauthorization error.

Both machine, the Active directory server and the IIS server are on the same domain.

So I don't understand why it's working locally but not with the global group?

@GregAskew No I didn't define that settings in the web.config — Francis B., Jun 15 '15 at 18:32
If you aren't using the IIS role provider you need to contact the developer of the application. Or you could just add the domain groups to the local groups and be done with it. — Greg Askew, Jun 15 '15 at 18:42

score 1 · Accepted Answer · answered Jun 15 '15 at 17:28

1

It is likely your application is explicitly looking for those groups on the local machine rather than the domain. If you wrote the application, you need to fix it. Otherwise, contact the application vendor.

answered Jun 15 '15 at 17:28

Ryan Bolger

16,472
3
40
59

Windows Authentification with IIS and domain groups

1 Answers1