|
Home > Archive > IIS Server Security > May 2007 > Domain Account Access with anonymous access enabled
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Domain Account Access with anonymous access enabled
|
|
| JavierBolivia 2007-05-25, 7:17 pm |
| Hello IIS gurus,
Never mind the reason, but I need to configure a virtual directory with
anonymous access enabled (it's accesed by both domain users and non-domain
users in an intranet), but the users that do belong to the domain must access
the site with their domain account, instead of "IUSR_<machine_name>" (An
asp.net application needs to impersonate the domain users accounts, only when
it is in fact a domain users that is accessing the application).
I'm almost certain it's not posible but, just in case, I might just ask the
experts.
Is it posible?
Thank you in advance.
| |
| Ken Schaefer 2007-05-26, 1:20 am |
| In general this is not possible.
You could create two virtual directories that point to the same content.
Enable anonymous on one, and IWA on the other. (Re)Direct the user to the
appropriate virtual directory based on whether they are an internal or
external user...
Cheers
Ken
--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
"JavierBolivia" <JavierBolivia@discussions.microsoft.com> wrote in message
news:2ADDBE84-E80F-49AA-9C9A-BCD4FD444FAC@microsoft.com...
> Hello IIS gurus,
>
> Never mind the reason, but I need to configure a virtual directory with
> anonymous access enabled (it's accesed by both domain users and non-domain
> users in an intranet), but the users that do belong to the domain must
> access
> the site with their domain account, instead of "IUSR_<machine_name>" (An
> asp.net application needs to impersonate the domain users accounts, only
> when
> it is in fact a domain users that is accessing the application).
>
> I'm almost certain it's not posible but, just in case, I might just ask
> the
> experts.
>
> Is it posible?
>
> Thank you in advance.
| |
| JavierBolivia 2007-05-26, 1:20 am |
| Hi Ken, thank you for replying. Is there a way to do what you specified
(redirecting based on the nature of the user) in IIS, or what you meant was
to do it by writing code in the application to acomplish it? I've asked some
people about how to do it in IIS by haven't find out how.
Thank you again.
Javier
"Ken Schaefer" wrote:
> In general this is not possible.
>
> You could create two virtual directories that point to the same content.
> Enable anonymous on one, and IWA on the other. (Re)Direct the user to the
> appropriate virtual directory based on whether they are an internal or
> external user...
>
> Cheers
> Ken
>
> --
> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>
> "JavierBolivia" <JavierBolivia@discussions.microsoft.com> wrote in message
> news:2ADDBE84-E80F-49AA-9C9A-BCD4FD444FAC@microsoft.com...
>
>
| |
| Ken Schaefer 2007-05-27, 1:21 am |
| Hi,
You need to tell us how you would identify these two types of users first
:-)
For example is there a range of IP addresses that internal users use, and
external users use different IP addresses? If so, a piece of code can do the
necessary redirection for you.
Cheers
Ken
"JavierBolivia" <JavierBolivia@discussions.microsoft.com> wrote in message
news:064951EF-C880-418A-8C7E-46526BAE3F68@microsoft.com...[vbcol=seagreen]
> Hi Ken, thank you for replying. Is there a way to do what you specified
> (redirecting based on the nature of the user) in IIS, or what you meant
> was
> to do it by writing code in the application to acomplish it? I've asked
> some
> people about how to do it in IIS by haven't find out how.
>
> Thank you again.
> Javier
>
> "Ken Schaefer" wrote:
>
|
|
|
|
|