IIS Server - Re: windows integrated authentication does not work with a configurable application po

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server > February 2004 > Re: windows integrated authentication does not work with a configurable application po





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: windows integrated authentication does not work with a configurable application po
David Wang [Msft]

2004-02-04, 7:36 am

Yes, of course. It was not clear to me that Amol was interested in Kerberos
since he phrased it as "how do I get configurable AppPool Identity working
with a domain account with Integrated authentication", which can be solved
by either getting rid of the Kerberos requirements or doing all the Kerberos
requirements.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"B-Dubs" <AweHellYeah@comcast.net> wrote in message
news:eXaCFX16DHA.3648@TK2MSFTNGP11.phx.gbl...
Only do that if you want to disable Kerberos. I was under the assumption
Amol was still interested in using Kerberos security.

B

"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:OzC9JLx6DHA.2712@tk2msftngp13.phx.gbl...
quote:

> This may help resolve one common error we see customers make:
> CSCRIPT %SYSTEMDRIVE%\inetpub\adminscripts\adsut
il.vbs SET
> W3SVC/NTAuthenticationProviders NTLM
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no

rights.
quote:

> //
> "Amol S" <worththeeffort2000@yahoo.com> wrote in message
> news:e2e60f60.0402031212.449ea3a1@posting.google.com...
> Hello Everyone,
> I have been trying to make windows integrated authentication work with
> a domain user account as the identity of an application pool for the
> last two weeks.I would like to configure the identity of the
> application pool in iis 6.0 to a domain account.I have made the domain
> account a member of the local IIS_WPG group of the server.I have also
> made the domain account a member of the "log on as a service" policy
> under the "User Rights Assignment" Security Settings in the Local
> Security Policy of the server.I have created an ASP.NET application on
> the web server and made it a part of that application pool.I have set
> windows authentication for the application by making these changes to
> the web.config file:
> .
> .
> authentication mode="Windows" />
> <authorization>
> <deny users="?" />
> </authorization">"
> .
> .
> I have even used setspn.exe to set a SPN on the domain account under
> which the application pool is running as suggested in this article.
>
>

http://www.microsoft.com/technet/tr...rkridentity.asp
quote:

>
> Even after all this,the web application fails to authenticate any
> domain user.When I navigate to any of the pages in the application,the
> login dialog box pops up three times before taking me to the "HTTP
> Error 401.1 - Unauthorized: Access is denied due to invalid
> credentials" error page.The authentication works if I turn Basic
> Authentication on for that web application or when I change the
> identity of the application pool to the predefined indenty "Network
> Service".I would really appreciate it if someone could throw some
> light on this issue and help me make windows integrated authentication
> work with a configurable application pool identity.Hoping to see a
> reply soon,thank you.
>
> Amol.
>
>




Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com