Re: IIS security problem

From: Brjann Brekkan (
Date: 10/30/02

From: "Brjann Brekkan" <>
Date: Wed, 30 Oct 2002 22:48:27 +0100

This is a problem with how the user logs on and where the Access Token is
 The Access Token can only make one hop! From Client machine to Webserver or
from Webserver to AD server. This means that when you logon to your machine
you will create your token and then when you access web server with
integrated authentication that Token is presented to the webserver and
you're logged on based on that info. Now you want to use your credentials to
update records in AD but when the Webserver can't use your token to access
the AD Server.
Solution is to use Basic Authentication because the Access Token is created
on the webserver when it receives your username and password. The Server can
then use your Access Token to access AD Server.

Solution nr 2 is to use Kerberos Delegation, if all machines in this
solution are part of the AD and the User account is a member of that domain
you could use this technique. I havenīt tested this in a long time but what
I can remember is that the Webserver must be set to "Trusted for Delegation"
in AD Users and Computers. What I can't remember is if you have to change
that setting on the user accounts as well.

Hope this helps

Brjann Brekkan

"Alexander" <> wrote in message
> I build WEB application that searches and updates for Active Directory
> Users Data. Every logged in user can update himself.
> Now the problem:
> I do not familiar with IIS security engine. There are 3 possible
> security settings at IIS:
> -Basic authentication
> -Digest authentication
> -Integrated Windows Authentication
> The second option does not fit because of W2K limitation.
> If I use the "basic" security option, user CAN update his personal
> details, but before he starts the application a popup window rises and
> user need to enter his credentials.
> I do not want this popup , and I set Integrated Windows Authentication
> option. But at this time user CANNOT update his personal details
> !!!!!!!!!
> What can I do and why the problem rises ?????

Relevant Pages

  • Re: Need help configuring Wireless Connection profile
    ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless ... Vaillancourt,4155,1,4154,Use Windows authentication for all ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
  • Re: WebDAV and windows authentication?
    ... I checked the IIS and it accepts integrated windows authentication. ... I do not use a proxy to access the server, ... SetCredentials I can access the exchange store, ...
  • Re: SQL Express 2008: Select User Name to Login
    ... Server type: Database Engine ... Authentication: Windows Authentication ... You need to select SQL Server authentication. ... Windows Authentication still works fine. ...
  • Re: IIS 5.0 Windows Authenticion/NT Challenge Response
    ... And so IIS returned 400, which says absolutely nothing about your question ... concerning authentication ... "Windows Authentication" works but not Basic or Anonymous. ... to auto-login to the web server, ...
  • Re: I cant login to Sql no matter what i try! im ignorant and i need help :)
    ... It sounds like your server is configured for Windows authentication ... >requested in login 'T254DN_Staging'. ...