Re: Standalone IIS Server prompts for authentication when using Domain Anon User Acct

From: Miguel (ihaveblint_at_gmail.com)
Date: 10/04/04 

Date: 4 Oct 2004 11:01:50 -0700

Hi Roger,

   yes that might be confusing. Even though I can't browse the domain
accounts I manually entered the domain account information into the
Anonymous User Account input box. A domain does exist, its just the
IIS server is not part of this domain. I know that it is using the
domain account because after authenticating through the Windows
Authentication window that pops up the rest of the application works
correctly. My problem is why does a Windows Authentication window come
up in the first place?

   I'm probably not explaining myself very clearly. Here is a post
that my coworker sent to someone who appeared to have dealt with a
similar problem.

 ========================

When I access the web site (remotely) from IE, I receive the "Enter
Network Password" dialog box prior to accessing my login.aspx page.

The reason for this is because the "Anonymous User Account"
IUSR_<servername> is no longer there. Currently a user id (on an
active directory machine) is added, who has active directory
administrative rights.

Since the AD user has no rights on the standalone machine,
How am I able to access this standalone web server without
authenticating to it first?

I would really appreciate your help
Thanks in advance
Rob

 =========================

   Thanks,

      Miguel

"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message news:<Od6BKzNqEHA.3712@TK2MSFTNGP15.phx.gbl>...
> I believe that what is confusing us is that you say you have
> the machine standalone, not in the domain, and then you
> define IIS to use a domain account. This is a contradiction.
> No domain accounts are available if not in a domain.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCDBA, MCSE W2k3+W2k+Nt4
> "Miguel" <ihaveblint@gmail.com> wrote in message
> news:393251a5.0409300707.7a3af05f@posting.google.com...
> > Hello all,
> >
> > I'm having some trouble with getting my IIS server working
> > correctly with anonymous users. Current we have an IIS server sitting
> > in the DMZ that is not part of the internal Windows domain which needs
> > to access Active Directory. To gain access to Active Diretory I've
> > changed the Anonymous User Account under IIS to a domain account.
> > However this causes one to be prompted to authenticate as soon as you
> > try to access the website on the IIS server. For testing purposes I
> > added the IIS server to the same domain that it would be accessing and
> > I no longer got prompted to authenticate when accessing the website.
> > This isn't a NTFS permission problem as far as I can tell since the
> > web application resides in a directory giving Everybody permission to
> > access it. I read that Log on Locally might be necessary, but after
> > giving the domain account (the same that IIS is running as) permission
> > to logon locally I still get prompted for authentication.
> >
> > The desired result is for the standalone IIS server to have access
> > to Active Directory without needing any type of authentication by the
> > user other than at the application level.
> >
> > Any ideas on what could be causing anonymous users being prompted
> > for Windows authentication?
> >
> >
> > Thanks!

Relevant Pages

  • Standalone IIS Server prompts for authentication when using Domain Anon User Acct
    ... I'm having some trouble with getting my IIS server working ... changed the Anonymous User Account under IIS to a domain account. ... to logon locally I still get prompted for authentication. ... Any ideas on what could be causing anonymous users being prompted ...
    (microsoft.public.inetserver.iis.security)
  • Re: Standalone IIS Server prompts for authentication when using Domain Anon User Acct
    ... define IIS to use a domain account. ... Current we have an IIS server sitting ... > changed the Anonymous User Account under IIS to a domain account. ... > to logon locally I still get prompted for authentication. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Cant make a domain user the "anonymous access" user
    ... When dealing with authentication issues it is VERY important to ... Some of the things you claim is not consistent with a default IIS ... If you use a browser that cannot do NTLM, by definition, a 401.2 error is ... user account that works and your domain account that does not. ...
    (microsoft.public.inetserver.iis.security)
  • Re: System.IO.Directoryinfo throwing exception
    ... With basic authentication and impersonation you need to ... use a domain account which can delegate and you can check how to mark your ... ASP.NET MVP ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Cant make a domain user the "anonymous access" user
    ... I have tried both with and without Integrated authentication enabled. ... I get a login prompt if I am using an NTLM-capable ... I can then authenticate using the domain account ... Pool containing this ASP page ...
    (microsoft.public.inetserver.iis.security)
Quantcast