Upgraded to 288. Same issues. My IIS Config:
WebRoot = Intranet
VirtualDir = flexwiki
Anonymous Access to flexwiki is unchecked. Integrated Windows Auth is
checked.
Authentication in wiki.config
<authentication mode="Windows" />
<authorization>
<allow users="*" />
</authorization>
<identity impersonate="true" />
Default NameSpace = IBSWiki, anyone is allowed to edit. Domain Users
added to ACL's, and no other ACL's changed for this namespace, i.e.
IUSR_HOST, IIS_WPG.
NameSpace to protect = AdminWiki, removed ALL users from root namespace
directory, added Supervisors group, Domain Admins, local Administrators,
reset ownership, and replace permissions down recursively.
Log in as ordinary user, with only Domain Users group association, and
am allowed to enter AdminWiki, click Edit, but prompted for alternate
credentials when attempting to save. So I am protecting the contents
from writing, but not from viewing.
In addition to modifying the ACL's at the file level, should I also be
adding something like this to the flexwiki.config?
<AuthorizationRules>
<Rule Type="Allow" Action="Read" Principal="roll:supervisors"
/>
<Rule Type="Allow" Action="Edit" Principal="roll:supervisors" />
<Rule Type="Deny" Action="Read" Principal="all" />
</AuthorizationRules>
If so, where the devil are the rolls set, and how?
If I'm in a Windows Domain environment, does the wiki auth module know
to prefix the group with MyDomain\ , or do I have to add this bit?
My experience with other Wiki products is there is a topic with users
listed like this:
Topic = supervisors
Contents:
jcroson
bsmith
anotheruser
Sorry for so many questions, but I've failed to find documentation on
this anywhere on the FlexWiki site, but have read and re-read:
FlexWikiSecurity, FlexWikiAuthentication , and FlexWikiAuthorization .
Thanks in advance.
On Tue, 2009-03-03 at 11:46 -0500, John Davidson wrote:
> Hi John,
>
>
>
> First problem is that you need to disable anonymous access. You know
> that this has been done correctly when only someone in a windows group
> or on the server using a local account is able to make changes.
>
>
> From the Administrative Tools in Control Panel, open the Internet
> Information Services. Display the list of web sites in this tool and
> then right-click on the site containing FlexWiki and choose
> "Properties" from the menu displayed. Then in the property sheet,
> select the tab Directory Security. Click the Edit button for the
> anonymous access and authentication control section. Uncheck the
> "Anonymous Access" option and then make sure the option "Integrated
> Windows Authenication" is checked. Close the property sheet and
> restart IIS. This should fix the permissions issues
>
>
> I believe you will have to upgrade to the current version 288 for me
> to be able to help with issues requiring restarts and missing files.
>
>
> Let me know if you are still having problems after upgrade.
>
>
> John Davidson
>
>
> On Tue, Mar 3, 2009 at 8:48 AM, John Croson
> <john.cro...@ihbsonline.com> wrote:
>
> Hello. Hope someone here has seen this behavior before, and
> can provide guidance.
>
> My FlexWiki version is 2.0.0.236, on IIS 6.
>
> I seem to be having two seemingly unrelated issues.
>
> 1. I have been trying in vain to lock down a Namespace, using
> windows ACL as described here:
> http://www.flexwiki.com/default.aspx/FlexWiki/AccessControl.html
>
> This has not worked. Simply allows ordinary users to read
> anything, even though I've set permissions to Domain Admins
> and a management group. They have been denied the ability to
> write.
>
>
>
> 2. The namespace I've been trying to lock down, has been
> behaving in an odd manner in terms of topic linking. I have a
> Technical Notes page, with a number of links to inner topics
> in that namespace. Occasionally, the links to the topics
> appear as if they've never been created.
>
> If I click on these, they behave as one would expect; FlexWiki
> wants to create a new topic.
>
> Interestingly, links to other hosts appear and work as
> expected.
>
> The only way I've found to fix this is to issue an iisreset
> command on my IIS box.
>
> Any ideas?
>
> Thank you.
>
>
> John Croson
> Information Technology Manager
>
> Integrated Healthcare Business Solutions
> 9875 South Franklin Drive
> Franklin, WI 53132
> ihbsonline.com
> john.cro...@ihbsonline.com
> v 414.858.2209
> f 414.858.2260
>
> E-MAIL CONFIDENTIALITY DISCLAIMER: This message is
> confidential, and may contain highly sensitive information
> that is intended only for the named recipient(s), which is
> privileged or exempt from disclosure under applicable laws. If
> this e-mail has reached you in error, you are notified that
> the dissemination, distribution or copying of this message is
> strictly prohibited. If such is the case, please notify the
> sender via e-mail address or telephone number (414) 858-2200
> and destroy this document immediately.
>
>
>
> ------------------------------------------------------------------------------
> Open Source Business Conference (OSBC), March 24-25, 2009, San
> Francisco, CA
> -OSBC tackles the biggest issue in open source: Open Sourcing
> the Enterprise
> -Strategies to boost innovation and cut costs with open source
> participation
> -Receive a $600 discount off the registration fee with the
> source code: SFAD
> http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> Flexwiki-users mailing list
> Flexwiki-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/flexwiki-users
>
>
>
>
John Croson
Information Technology Manager
Integrated Healthcare Business Solutions
9875 South Franklin Drive
Franklin, WI 53132
ihbsonline.com
john.cro...@ihbsonline.com
v 414.858.2209
f 414.858.2260
E-MAIL CONFIDENTIALITY DISCLAIMER: This message is confidential, and may
contain highly sensitive information that is intended only for the named
recipient(s), which is privileged or exempt from disclosure under
applicable laws. If this e-mail has reached you in error, you are
notified that the dissemination, distribution or copying of this message
is strictly prohibited. If such is the case, please notify the sender
via e-mail address or telephone number (414) 858-2200 and destroy this
document immediately.
<<attachment: ihbs.png>>
<<ihbs.png>>
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H
_______________________________________________ Flexwiki-users mailing list Flexwiki-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flexwiki-users
