Re: IIS 6.0 and Permissions?

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 09/18/03


Date: Wed, 17 Sep 2003 22:41:52 -0700


Read the F1-help in IIS Manager UI on how to configure Application Pool
Identity.

Application Pool Identity has no effect on creation of files on remote
domain servers -- i.e. IIS does not use that identity to run applications.
IIS always uses the impersonated user as the identity to run applications --
hence if you use anonymous access and configure the anonymous user to be a
domain user, anonymous requests will execute using that domain user's
credentials.

So, I don't think you even need to worry about permissions/privileges at
this point. I do not think you've configured the server properly yet.

What you need to do is:
1. Determine what user identity should be used to run your application such
that it can add users to a domain.
2. If you want to use the remote user identity (it's authenticated, not
anonymous) to do this, enable authentication.
3. If you want anyone to be able to do this, configure a domain user
identity as Anonymous user and enable only Anonymous access.

AppPool Identity has no effect on any of this unless you're running code
that calls RevertToSelf(). If you don't know what that is, then chances are
you don't need to configure AppPool Identity at all.

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Mike" <mzehner@hotmail.com> wrote in message
news:O1R9T6GfDHA.1828@TK2MSFTNGP10.phx.gbl...
Hi -
I have written an application to add Users to a Domain. It works fine on IIS
5.0 but is not working on IIS 6.0. I suspect it has to do with permissions.
IIS 6.0 resides on a member server. The application uses Integrated Windows
authentication. I have created a custom Application Pool which uses a Domain
User as the Identity. I use the Domain User because I need to create files
and assign file permissions on remote domain servers. I have given this user
all the User Rights Assignments that the local IWAM user has.
At this point I can't even logon to the site. The event log says it is an
unknown user name or password. If I change the Application Pool Identity to
Network I can logon.
Can anyone out there point me to a white paper that explains what type of
permissions a Domain User account needs to logon to a site using Integrated
Windows authentication and what type of permissions a Domain User account
needs on a 2003 member server in order to serve as an Application Pool
Identity?
Any help would be greatly appreciated.
Thanks!!!
Mike
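
One way to check on the server which account a request really runs as, and what RevertToSelf() changes. This is an added example, not code from the thread; it assumes the application is ASP.NET 2.0 or later with <identity impersonate="true" /> in web.config, and the handler name WhoAmI is hypothetical.

```csharp
<%@ WebHandler Language="C#" Class="WhoAmI" %>
// WhoAmI.ashx: added diagnostic handler (hypothetical name), not code from the thread.
// Assumes ASP.NET 2.0+ with <identity impersonate="true" /> in web.config.
using System;
using System.Security.Principal;
using System.Web;

public class WhoAmI : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Account names are sensitive: answer only requests made on the server itself.
        if (!context.Request.IsLocal)
        {
            context.Response.StatusCode = 404;
            return;
        }

        HttpResponse res = context.Response;
        res.ContentType = "text/plain";

        // What IIS authenticated: both values are empty for an anonymous request.
        res.Write("AUTH_TYPE : " + context.Request.ServerVariables["AUTH_TYPE"] + "\r\n");
        res.Write("AUTH_USER : " + context.Request.ServerVariables["AUTH_USER"] + "\r\n");

        // Thread token: the impersonated user the request code runs as.
        // GetCurrent(true) returns null when the thread is not impersonating.
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent(true))
        {
            res.Write("Thread    : " + (thread == null ? "(not impersonating)" : thread.Name) + "\r\n");
        }

        // Impersonate(IntPtr.Zero) is the managed equivalent of RevertToSelf():
        // inside this block the thread runs as the process (Application Pool) identity.
        using (WindowsImpersonationContext reverted = WindowsIdentity.Impersonate(IntPtr.Zero))
        using (WindowsIdentity process = WindowsIdentity.GetCurrent())
        {
            res.Write("Process   : " + process.Name + "\r\n");
        } // Disposing the context restores the impersonated user.
    }
}
```

With Integrated Windows authentication the Thread line shows the browsing user and the Process line shows the Application Pool Identity; with only Anonymous access enabled, the Thread line shows the configured anonymous user.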

