Application pool security
- From: deja@xxxxxxxxxxxx
- Date: 26 Jun 2006 04:00:00 -0700
hi,
I'm not getting the results I expected when setting up authorization in
my web service. I have a web application that runs under an application
pool identity (with Windows authentication). This application then
calls a web service which is also setup to run under the same
application pool identity (a valid domain account) with Windows
authentication (anonymous user turned off in IIS).
I am getting status 401 unauthorized. At the moment my authorization
section has allow users=* in both the application and the web service.
I was assuming that the application would call the web service under
the Application pool identity and be authorized (as it is a windows
domain account).
If I could get this bit to work I would then change my web service
authorization section to only "allow users=serviceaccount" which will
ensure that only specific web applications will consume it rather than
users being able to get to the data directly.
When I switch the web service to allow anonymous user it works fine but
obviously this doesn't do what I want. Is it because of the way that
the account has been setup by the domain administrators? Could this be
why?
TIA
Phil
.
- Follow-Ups:
- Re: Application pool security
- From: deja
- Re: Application pool security
- Prev by Date: Re: login to Website using a SmartCard
- Next by Date: Re: Application pool security
- Previous by thread: List client certificates
- Next by thread: Re: Application pool security
- Index(es):
Relevant Pages
|
|
