I am having trouble getting my IIS 7.5 server on Windows 7 to have the security I want.
I want a portal page that anyone can access, and on that page I will have links to virtual directories. I want each virtual directory to be tied to a specific local user group that can access that web application.
Based on what I have found online, as well as this article: Restrict access to IIS site to an AD Group, I configured my web.config as follows. I enabled Windows Authentication through the Add/Remove features, and I have set the NTFS permissions of the web app directory to allow access to the local group.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authorization>
<allow users="computer\SITE Read"/>
<!-- <deny users="*"/> -->
</authorization>
</system.web>
</configuration>
Despite all this, I still get the following error:
Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists). Ask the Web server's administrator to give you access to
