Application Pool with domain user identity does'nt work with anonymous access disbled

Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Application Pool with domain user identity does'nt work with anonymous access disbled

Last Thread Next Thread Next

Application Pool with domain user identity does'nt work with anonymous access disbled

ReneMo

Click here to Send ReneMo a Private Message

07-19-04 11:28 AM

A virutal directory with anonuymous access disabled doesn't work in aan appl
ication domain running a domain user as Identity.

The domain user is local admin on the intranet server, member of IIS_WPG and
 has all privileges of Network Service I could find.

If I switch on anonymous access, I can acces my web pages, but the the virtu
al directory contains an ASP.NET application which needs the identity of who
 is using it trough impersonation and access to files on another server.

In the defaultAppDomain with Network Service everything runs fine exept I ca
n access my files on the other server.

What am I missing or is this simply not supported?

[ Post a follow-up to this message ]

Re: Application Pool with domain user identity does'nt work with anonymous access disb

Ken Schaefer

07-19-04 10:56 PM

From your post it's a little unclear whether:
a) you want to use a fixed identity to connect to the network share (in
which, when you create the virtual directory that is mapped to the remote
share you can enter fixed credentials

-or-

b) you want to pass through the authenticated users credentials to the
remote share. If you want to do this you have three options:

1) Use basic authentication. IIS has the user's username and password
and can directly access the remote network share as the user
2) Use Kerberos authentication and delegation. Kerberos is part of
Integrated Windows Authentication (IWA). You should read the following
document to troubleshoot Kerberos issues:
http://www.microsoft.com/technet/pr...y/tkerbdel.mspx
3) Use a non-Kerberose authentication system (eg NTLM v2, or Digest),
and use Protocol Transition (requires Windows 2003 Server Domain + Windows
2003 server on all machines participating):
http://www.microsoft.com/technet/pr...y/tkerbdel.mspx

Cheers
Ken



"ReneMo" <ReneMo.19n5t2@mail.webservertalk.com> wrote in message
news:ReneMo.19n5t2@mail.webservertalk.com...
>
> A virutal directory with anonuymous access disabled doesn't work in aan
> application domain running a domain user as Identity.
>
> The domain user is local admin on the intranet server, member of
> IIS_WPG and has all privileges of Network Service I could find.
>
> If I switch on anonymous access, I can acces my web pages, but the the
> virtual directory contains an ASP.NET application which needs the
> identity of who is using it trough impersonation and access to files on
> another server.
>
> In the defaultAppDomain with Network Service everything runs fine exept
> I can access my files on the other server.
>
> What am I missing or is this simply not supported?
>
>
>
> --
> ReneMo
> ------------------------------------------------------------------------
> Posted via http://www.webservertalk.com
> ------------------------------------------------------------------------
> View this thread: http://www.webservertalk.com/message313445.html
>

[ Post a follow-up to this message ]