I have a website hosted in IIS and RavenDb is running as a service on another box. The WebSite is running an application pool as a domain service account user.
I am trying to restrict all access to the Raven server such that only users in a domain user group can have any access to to Raven Studio. I have successfully seen Raven throw a 401 response from the the website code when I used a local machine account. All other access to the Raven server via Raven Studio has been permitted no matter what I've tried.
I have RavenDb build 2750 and the license status is Commercial Standard.
The RavenDb.Server.exe.config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="Raven/Port" value="8080"/>
<add key="Raven/DataDir" value="D:\data\Raven.Data\System"/>
<add key="Raven/Authorization/Windows/RequiredGroups" value="Raven_Administrators_Group" />
<add key="Raven/AnonymousAccess" value="None" />
</appSettings>
<runtime>
<loadFromRemoteSources enabled="true"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<probing privatePath="Analyzers;Plugins"/>
</assemblyBinding>
</runtime>
</configuration>
The example above is one of dozens of iterations or trial and failures so far. The Raven_Administrators_Group is a local machine group on the box where the Raven server is running. There are no members that have been added to that group.
The Raven/Authorization/WindowsSettings document looks like this at the moment:
{
"RequiredGroups": [
{
"Name": ".\\Raven_Administrators_group",
"Enabled": true,
"Databases": [
{
"Admin": true,
"TenantId": "*",
"ReadOnly": false
}
]
}
],
"RequiredUsers": []
}
I have tried many different combinations of things.
It is unclear weather or not the Raven.Bundles.Authoriztion.dll bundle must be in the plugins folder or not.
It is unclear weather or not the Raven.Server.exe.configuration is independent of the Raven/Authorization/WindowsSettings document settings.