I want to secure the application pages in SharePoint 2013 with Claims authentication, it does not seem to be working.
<configuration>
<location path="_layouts/15/settings">
<system.web>
<authorization>
<allow users="demo\user1"/>
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
however it works on Windows based authentication.
Update: 21-May-15:
I have fixed this
<configuration>
<location path="_layouts/15/settings">
<system.web>
<authorization>
<allow users="0#.w|demo\user1"/>
<deny users="*" />
</authorization>
</system.web>
</location>
however It is not authorizing the AD group, have tried as mentioned below.
<allow users="c:0+.w|demo\group1"/>
<allow roles="c:0+.w|demo\group1"/>
<allow users="0+.w|demo\group1"/>
<allow roles="0+.w|demo\group1"/>
<allow users="demo\group1"/>
<allow roles="demo\group1"/>
<allow users="c:0+.w|sid"/>
<allow roles="c:0+.w|sid"/>
<allow users="0+.w|sid"/>
<allow roles="0+.w|sid"/>
<allow users="sid"/>
<allow roles="sid"/>
How do I authorize both the individual user and AD groups?
update : 22-May-2015
<location path="_layouts/15/viewlsts.aspx">
<system.web>
<authorization>
<allow users="Group1" />
<allow users="Domain\Group1" />
<allow users="0#.w|Domain\Group1" />
<allow users="c:0+.w|Domain\Group1" />
<allow users="s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<allow users="0+.w|s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<allow users="c:0+.w|s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<allow roles="Group1" />
<allow roles="Domain\Group1" />
<allow roles="0#.w|Domain\Group1" />
<allow roles="c:0+.w|Domain\Group1" />
<allow roles="s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<allow roles="0+.w|s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<allow roles="c:0+.w|s-1-5-21-1971354296-1767978563-xxxxxxx-yyyyyy" />
<deny users="*" />
</authorization>
</system.web>
</location>
Still it is not working.
The prefix is different for groups.
Have you tried ?
<allow users="c:0+.w|demo\group1"/>
If it works, you can then authorize groups and users like this
<allow users="c:0+.w|demo\group1,0#.w|demo\user1"/>