I have created Active Directory Group to allow access to certain user to IIS site (IIS version 8.5). Both, AD server and IIS site are running on different servers. All the users are allowed to login, but now I want to add a restriction where only certain users under specify AD Group are allowed the access. I tried following but it does not work.
AD Server:-
Create AD Group - Go to "Active Directory Users and Computers/domain node/" and right click New and add group name "Security Group"
Added Member to Group - right-click the group, and then click Properties. On the Members tab, click Add and added the user.
IIS Server:-
I have installed "URL Authorization" module as described in below link:
http://www.iis.net/configreference/system.webserver/security/authorization
Added following Rule in Web.config file to allow access to users under "Domain\Security Group1" to IIS site.
<system.webServer><security><authorization><remove users="*" roles="" verbs="" /><add accessType="Allow" users="" roles="Domain\Security Group1" /></authorization></security></system.webServer>
But, the above solution denies access to all users including users under AD group "Domain\Security Group1". It should just allows access to the AD group users only.
Am I specifying the roles (Domain/Security Group1) correctly? Am I missing anything?
How can I fix this issue?