Re: Can't make a domain user the "anonymous access" user
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 06/29/04
Date: Mon, 28 Jun 2004 16:41:25 -0700
I do not think this is an IIS issue. I think you have some setting within
your domain's policy that is preventing this. It's working just fine for
me.
IIS just uses the username/password you set and calls LogonUser with it --
the same thing that you do when you are prompted. Based on your
description, you have both Anonymous and some other authentication protocol
enabled -- you may want to check on that since what happens when a user
authenticates (so not using your custom anonymous user) and accesses the ASP
page... and that user does not have database rights. There is no such thing
as "almost correct" security configuration -- you need to configure it
absolutely correct to have 100% intended behavior.
I want to know:
1. what authentication protocols are enabled for the ASP page in question
(anon, basic, Integrated, etc)
2. Are you using default or custom AppPool Identity for the Application Pool
containing this ASP page
3. What are the web log entries for the request that is failing. In
particular, give the HTTP status/sub-status as well as Win32 error codes.
It will make it clear whether the problem is:
a. You entered the wrong anonymous username/password in configuration
b. The domain policy is restricting the username
c. The authenticated user is denied ACLs to the resource
d. etc
I would then enable Security Auditing and see what is causing anonymous
login to fail, and go from there.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Jen Roth" <anonymous@discussions.microsoft.com> wrote in message
news:2261501c45d51$a6b52500$a301280a@phx.gbl...
> I have been trying to set up a website in IIS 6 so that a domain user
> account is used for anonymous access, instead of IUSR_SERVERNAME. (I am
> doing this because we have ASP scripts that need to connect to a
> datasource as this domain user.) Unfortunately, it doesn't work. I can
> set it up so that a local account is used for anonymous access -- I
> created a local "test" account just to make sure I was setting all the
> permissions right, and it worked fine. But if I use a domain account
> instead, I am prompted for a username and password whenever I access a
> web page. I know the domain account is valid and the password is right,
> and the NTFS permissions allow this user access. If I log in with this
> username/password when I am prompted, I can view the page. But for some
> reason, IIS just doesn't seem to recognize this domain user as the
> "anonymous access" user. Can anyone help?
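
Added example (not part of the original post, and not Microsoft's code): a triage script that reads the `sc-status`, `sc-substatus` and `sc-win32-status` fields of an IIS W3C extended log and sorts each 401 into the causes a-d listed in the reply. The grouping of Win32 codes into those causes, the `classify`/`triage` names and the sample log are assumptions constructed for illustration.

```python
# Added example: sort IIS W3C log 401s into causes a-d from the reply above.
# Win32 names are from winerror.h; the cause grouping is this example's assumption.
WIN32 = {
    5: "ERROR_ACCESS_DENIED", 1326: "ERROR_LOGON_FAILURE",
    1327: "ERROR_ACCOUNT_RESTRICTION", 1328: "ERROR_INVALID_LOGON_HOURS",
    1329: "ERROR_INVALID_WORKSTATION", 1330: "ERROR_PASSWORD_EXPIRED",
    1331: "ERROR_ACCOUNT_DISABLED", 1385: "ERROR_LOGON_TYPE_NOT_GRANTED",
    1909: "ERROR_ACCOUNT_LOCKED_OUT",
}
POLICY = {1327, 1328, 1329, 1330, 1331, 1385, 1909}

def classify(status, sub, win32):
    """Return 'a'..'d' for a 401 entry, None for anything else."""
    if status != 401:
        return None
    if win32 == 1326:
        return "a"  # wrong username/password in configuration
    if win32 in POLICY:
        return "b"  # account or logon-right restriction (policy)
    if sub == 3 or win32 == 5:
        return "c"  # ACL on the resource denies the user
    return "d"      # anything else: check the code and the security audit log

def triage(log_text):
    """Parse W3C extended log text via its #Fields header; list the 401s."""
    fields, out = [], []
    num = lambda v: int(v) if v.isdigit() else 0
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            s, sub, w = (num(row.get(k, "")) for k in
                         ("sc-status", "sc-substatus", "sc-win32-status"))
            cause = classify(s, sub, w)
            if cause:
                out.append((row.get("cs-uri-stem"), f"{s}.{sub}",
                            WIN32.get(w, str(w)), cause))
    return out

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2004-06-28 23:10:01 GET /app/report.asp - 192.0.2.10 401 1 1385
2004-06-28 23:10:05 GET /app/report.asp - 192.0.2.10 401 1 1326
2004-06-28 23:10:09 GET /app/report.asp jdoe 192.0.2.10 401 3 5
2004-06-28 23:10:12 GET /app/report.asp jdoe 192.0.2.10 200 0 0
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```

The letter is only a starting point for the investigation; the matching logon-failure event in the Security log, once auditing is enabled, confirms which account and logon type were refused.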