Re: Standalone IIS Server prompts for authentication when using Domain Anon User Acct

From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 10/05/04 

Date: Tue, 5 Oct 2004 10:21:50 +0800

Now, I know what you talkin about...
If the standalone server doesn't belong to a Domain, how do you expect it
know where to authenticate the user ? 

-- 
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Miguel" <ihaveblint@gmail.com> wrote in message
news:393251a5.0410041001.1af75e11@posting.google.com...
> Hi Roger,
>
>    yes that might be confusing. Even though I can't browse the domain
> accounts I manually entered the domain account information into the
> Anonymous User Account input box. A domain does exist, its just the
> IIS server is not part of this domain. I know that it is using the
> domain account because after authenticating through the Windows
> Authentication window that pops up the rest of the application works
> correctly. My problem is why does a Windows Authentication window come
> up in the first place?
>
>    I'm probably not explaining myself very clearly. Here is a post
> that my coworker sent to someone who appeared to have dealt with a
> similar problem.
>
>  ========================
>
> When I access the web site (remotely) from IE, I receive the "Enter
> Network Password" dialog box prior to accessing my login.aspx page.
>
> The reason for this is because the "Anonymous User Account"
> IUSR_<servername> is no longer there. Currently a user id (on an
> active directory machine) is added, who has active directory
> administrative rights.
>
> Since the AD user has no rights on the standalone machine,
> How am I able to access this standalone web server without
> authenticating to it first?
>
> I would really appreciate your help
> Thanks in advance
> Rob
>
>  =========================
>
>
>
>
>    Thanks,
>
>       Miguel
>
> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:<Od6BKzNqEHA.3712@TK2MSFTNGP15.phx.gbl>...
> > I believe that what is confusing us is that you say you have
> > the machine standalone, not in the domain, and then you
> > define IIS to use a domain account.  This is a contradiction.
> > No domain accounts are available if not in a domain.
> >
> > -- 
> > Roger Abell
> > Microsoft MVP (Windows Server System: Security)
> > MCDBA,  MCSE W2k3+W2k+Nt4
> > "Miguel" <ihaveblint@gmail.com> wrote in message
> > news:393251a5.0409300707.7a3af05f@posting.google.com...
> > > Hello all,
> > >
> > >   I'm having some trouble with getting my IIS server working
> > > correctly with anonymous users. Current we have an IIS server sitting
> > > in the DMZ that is not part of the internal Windows domain which needs
> > > to access Active Directory. To gain access to Active Diretory I've
> > > changed the Anonymous User Account under IIS to a domain account.
> > > However this causes one to be prompted to authenticate as soon as you
> > > try to access the website on the IIS server. For testing purposes I
> > > added the IIS server to the same domain that it would be accessing and
> > > I no longer got prompted to authenticate when accessing the website.
> > > This isn't a NTFS permission problem as far as I can tell since the
> > > web application resides in a directory giving Everybody permission to
> > > access it. I read that Log on Locally might be necessary, but after
> > > giving the domain account (the same that IIS is running as) permission
> > > to logon locally I still get prompted for authentication.
> > >
> > >   The desired result is for the standalone IIS server to have access
> > > to Active Directory without needing any type of authentication by the
> > > user other than at the application level.
> > >
> > >   Any ideas on what could be causing anonymous users being prompted
> > > for Windows authentication?
> > >
> > >
> > >       Thanks!

Relevant Pages

  • Re: "Access is Denied" when calling a vb.net queued components in Windows2003 from a Web a
    ... Make sure the client runs under a domain account. ... give "Access denied" error message even if Authentication is set to None ... > but when I install the Web Application on the Windows2003 Server ... > to None the Authentication Level for Calls, but the error is still here... ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Standalone IIS Server prompts for authentication when using Domain Anon User Acct
    ... when you try to access the filesvr, you are authentication yourself to the ... IIS will not know where to contact the DC, ... > What if I explicitly say user@domain.com and provide the correct> password for that Domain account? ... Can't it go off do a lookup on> domain.com find the IP addresses of the Active Directory servers> and then authenticate against those> servers? ...
    (microsoft.public.inetserver.iis.security)
  • Kerberos Authentication Errors
    ... We're having an issue with Kerberos authentication for an ASP.NET app. ... up to run under a domain account instead of NETWORK SERVICE. ... Now we want to remove the domain user from the app pool and go back to ... server host/ourserver.ourdomain. ...
    (microsoft.public.inetserver.iis)
  • RE: problem connecting to dbase from webservice with impersonation
    ... What's your server and the domain environment? ... I think the problem is likely due to the windows authentication ... specific to ether ther webserverand the domain account. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... > until logon), the wireless connection can kick off when it is ready. ... > was confirmed in the server event logs with IAS (i set that up as the radius ... > as an ordinary user kicks in and takes over from the machine authentication. ... > while the network sorts itself out and a double click on a network link of ...
    (microsoft.public.windows.server.security)