I'm working on a ASP.net MVC intranet site that uses windows authentication. My web.config is set up with

<system.web>
  <authentication mode="Windows" />
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>

Access to some parts of the site is also restricted using roles.

My main account is given the site administrator role, meaning that I have access to everything. This is fine for normal testing, but there are certain parts of the site that have more complex restrictions (e.g. user has role administrator OR (user has role X AND user is assigned to a group Y in the database)).

I've tried running site through Visual Studio, then opening another web browser as a different user, and when I access the site it pops up a windows authentication box but it won't accept any other logins - only when I enter my main account will it allow access. Roles don't have any affect on this, even when I add my second account as a site administrator it's denied access using this method.

What am I doing wrong here? Is there some other method to test using multiple users?

Related posts

Recent Viewed