[IIS 6] A summary of my strange situation
From: Massimo (barone_at_mclink.it)
Date: 09/14/03
- Next message: Ken Schaefer: "Re: [IIS 6] A summary of my strange situation"
- Previous message: Massimo: "[Repost] - [Windows 2003] [IIS 6] A strange access problem"
- Next in thread: Ken Schaefer: "Re: [IIS 6] A summary of my strange situation"
- Reply: Ken Schaefer: "Re: [IIS 6] A summary of my strange situation"
- Reply: Karl Levinson [x y] mvp: "Re: [IIS 6] A summary of my strange situation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 14 Sep 2003 13:47:26 +0200
Here's a summary of the troubles I'm experiencing, of which I've been talked
in a previous thread. Now I'm posting again explaining all about my
security-related configuration, so maybe someone can help me out of this.
Here's the full story. I wanted to have my websites on another drive than
the main one, so I first installed IIS and then Microsoft Exchange (I need
OWA on my domain's main website), then I created a "web sites" dir on my D:
(data) drive, configured permission (hopefully in the right way, but see
later) and then I created a "www.mydoman.com" subdir inside it, where I
moved all of the contents of the original wwwroot. I then renamed the
Default Web Site (the one under which Exchange created its virtual subdirs)
to "www.mydomain.com", told it to respond only to requests with host headers
"www.mydomain.com" and point its home directory to "D:\web
sites\www.mydomain.com". Then I created new subdirs for every website I'm
hosting on this server (D:\web sites\www.anotherdomain.com"). In the IIS
configuration, I configured each website's home directory to be the proper
one. Then, for some DB-access related reasons, for each website I configured
the account under which IIS's anonymous connections operate to be an AD user
I created only for this purpose (which I gave access to the DB I'm using).
Now, everything works fine (eight websites), except I'm having some
authentication troubles on this server when I use Windows integrated
authentication for some webpages. When I enable it, on the main site, for
example, the website works only if I access it with URL http://www, and not
if I access it with http://www.mydomain.com. The same is true for every
other website or subdirectory I try to enable Windows authentication on
(http://test but *not* http://test.mydomain.com). Standard authentication
works fine everytime.
Everyone of these websites is configured to accept requests both for its
short name and its FQDN, of course.
Can it be a NTFS permission-related problem ? I gave full control to
administrators, web developers and SYSTEM, and I gave read permissions to
the IIS service accounts I'm using for websites (except for some of them
which actually *write* in their directory... I gave full control to their
service accounts); but I saw the standard permissions for wwwroot include
many more things... which of them are actually required for IIS to operate ?
I tried the same with another webserver I'm running, where I didn't change
anything about security from the default configuration, and everything works
fine there using Windows authentication, both with http://servername and
http://servername.mydomain.com; so I think the problem should be related to
the changes I made...
Please help me on this if you can, thanks.
Massimo
- Next message: Ken Schaefer: "Re: [IIS 6] A summary of my strange situation"
- Previous message: Massimo: "[Repost] - [Windows 2003] [IIS 6] A strange access problem"
- Next in thread: Ken Schaefer: "Re: [IIS 6] A summary of my strange situation"
- Reply: Ken Schaefer: "Re: [IIS 6] A summary of my strange situation"
- Reply: Karl Levinson [x y] mvp: "Re: [IIS 6] A summary of my strange situation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
