ConfigurationManager.AppSettings["UserFullPermission"] is not working properly on web server and it directs me to AccessDenied.aspx even though my username is available in that key RRS feed

  • Question

  • User-595966692 posted

    I want to restrict access to my web application to a limited set of users. For this reason, I did the following:

    1) In web.config file, I added this code:

        <add key="UsersFullPermission" value="myUserName" />


    2) In Default.aspx, I added the below line before Page_Load event:

    string LoginUserName = HttpContext.Current.Request.LogonUserIdentity.Name.ToString().Split('\\')[1];

    3) Inside Page_Load event, I addded the below code:

    if (!IsPostBack)
                    if (!ConfigurationManager.AppSettings["UsersFullPermission"].ToLower().Contains(LoginUserName.ToLower()))

    It seems everything is working fine when I build the solution in localhost. However, when I published my solution and accessed it from the web browser, it took me directly to AccessDenied.aspx. Any explanation why this behavior occurred? Is it something in my code or something in the web server that must change? Please advise.

    Tuesday, August 14, 2018 11:57 AM

All replies

  • User1120430333 posted

    You are most likely using IIS Express locally that is not IIS. So you deploy to IIS where all ASP.NET Web programs run under the context of the ASP.NET Worker process  WPW3.exe  that is servicing the App Pool that is hosting the Web program. The App Pool sets the credentials the ASP.NET Worker Process presents to access resources on the behalf of the Web program, which is getting the access denied.


    You can push the ASP.NET Web project out to local IIS and debug it through VS and find out the credentials needed  by the App Pool to access a given resource. Of course, the resource must allow the credentials presented to access the resource.  


    You should also look into ASP.NET Impersonation too.


    Tuesday, August 14, 2018 1:03 PM