Menu
I want to secure the application pages in SharePoint 2013 with Claims authentication, it does not seem to be working.
<configuration>
<location path="_layouts/15/settings">
<system.web>
<authorization>
<allow users="demo\user1"/>
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
however it works on Windows based authentication.
Update: 21-May-15:
I have fixed this
<configuration>
<location path="_layouts/15/settings">
<system.web>
<authorization>
<allow users="0#.w|demo\user1"/>
<deny users="*" />
</authorization>
</system.web>
</location>
however It is not authorizing the AD group, have tried as mentioned below.
<allow users="c:0+.w|demo\group1"/>
<allow roles="c:0+.w|demo\group1"/>
<allow users="0+.w|demo\group1"/>
<allow roles="0+.w|demo\group1"/>
<allow users="demo\group1"/>
<allow roles="demo\group1"/>
<allow users="c:0+.w|sid"/>
<allow roles="c:0+.w|sid"/>
<allow users="0+.w|sid"/>
<allow roles="0+.w|sid"/>
<allow users="sid"/>
<allow roles="sid"/>
How do I authorize both the individual user and AD groups?
update : 22-May-2015
<location path="_layouts/15/viewlsts.aspx">
<system.web>
<authorization>
<allow users="Group1" />
<allow users="Domain\Group1" />
<allow users="0#.w|Domain\Group1" />
<allow users="c:0+.w|Domain\Group1" />
<allow users="s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<allow users="0+.w|s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<allow users="c:0+.w|s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<allow roles="Group1" />
<allow roles="Domain\Group1" />
<allow roles="0#.w|Domain\Group1" />
<allow roles="c:0+.w|Domain\Group1" />
<allow roles="s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<allow roles="0+.w|s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<allow roles="c:0+.w|s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<deny users="*" />
</authorization>
</system.web>
</location>
Still it is not working.
333
Claims-based authentication. Claims-based authentication enables systems and applications to authenticate a user without requiring the user to disclose more personal information (such as social security number and date of birth) than necessary.
To grant permission, go to the appinv. aspx page of your site. Once the page is loaded, add the client ID in App Id field and click on the Lookup button. On clicking the Lookup button, it will fill in other information like Title, App Domain, and Redirect URL.
Claims-based authentication is user authentication that utilizes claims-based identity technologies and infrastructure. Applications that support claims-based authentication obtain the security token from the user and use the information within the claims to determine access to resources.
The prefix is different for groups.
Have you tried ?
<allow users="c:0+.w|demo\group1"/>
If it works, you can then authorize groups and users like this
<allow users="c:0+.w|demo\group1,0#.w|demo\user1"/>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
