Hello,
I experience a strange problem :
I have 2 accounts : test_1 and test_2
I enable "Basic authentification" and disable "Anonymous authentification" in IIS on the directory I want to protect ("protected_dir").
Then I edit the ".NET Authorization rules" by adding a "allow" rule for the account test_1 (it's the only rule, no inheritance)
But when I try to access the protected_dir with my browser, I'm authorized not only with test_1 but also with test_2 and all the accounts I have on the server.
What did I do wrong ??
Deny access to test_2 is not a solution because it means that I need to deny access to any account on any protected directory on the server, and remember which directory to protect each time I will add a new account.
So is there a real solution to give access by http to a directory for only one account and not all the others ?
Thanks a lot for your help !