Microsoft KB Archive/910610

= Users who are explicitly denied access to an ASP.NET Web application are still allowed access =

Article ID: 910610

Article Last Modified on 2/21/2006

-

APPLIES TO


 * Microsoft .NET Framework 1.1

-





SYMPTOMS
When you try to configure role-based permissions in a Microsoft ASP.NET Web application, users who are explicitly denied access to the ASP.NET Web application are still allowed access.

For example, you configure role-based permissions in the Web.config file for the ASP.NET Web application as follows.    However, the ASP.NET Web application allows access for  even though you explicitly denied access for   in the Web.config file for the ASP.NET Web application.



CAUSE
This problem occurs when Microsoft Windows SharePoint Services is installed on the computer. The Windows SharePoint Services installation adds and removes some HTTP modules from the Web.config file in the top-level content root folder (\Inetpub\wwwroot). These HTTP modules affect user permissions.



WORKAROUND
To work around this problem, include the missing HTTP modules in the Web.config file for the ASP.NET Web application. To do this, add the following lines of code to the Web.config file for the ASP.NET Web application.          </httpModules>

Keywords: kbprb KB910610

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.