Re: Standalone IIS Server prompts for authentication when using Domain Anon User Acct
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 10/06/04
- Next message: Ken Schaefer: "Re: Newbie Windows Authentication, IIs and Intranet vs Internet users."
- Previous message: Bernard: "Re: Newbie needs info on using SSL."
- In reply to: Miguel: "Re: Standalone IIS Server prompts for authentication when using Domain Anon User Acct"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 6 Oct 2004 12:05:25 +0800
I don't think this is possible :(
when you try to access the filesvr, you are authentication yourself to the
DC of the domain. In the IIS case, a user access the site anonymously and
you 'expect' the 'domain account' you specified will know which DC to talk
to and etc, I don't think this work the same way as the way you access your
filesvr. IIS will not know where to contact the DC, and you can't specify
any domain accounts in your file ACLs
-- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ "Miguel" <ihaveblint@gmail.com> wrote in message news:393251a5.0410051132.579c2500@posting.google.com... > Hi Bernard, > > What if I explicitly say user@domain.com and provide the correct > password for that Domain account? Can't it go off do a lookup on > domain.com find the IP addresses of the Active Directory servers > (using an internal dns server) and then authenticate against those > servers? On a regular basis I will go and access a share on our > fileserver from a standalone PC that I'm building, and get prompted > for Domain credentials. Upon entering the credentials everything > continues along just fine even though the machine I'm accessing the > share from isn't part of the Domain. > > Thanks, > > Miguel > > > > > "Bernard" <qbernard@hotmail.com.discuss> wrote in message news:<#OxeUIoqEHA.3428@TK2MSFTNGP11.phx.gbl>... > > Now, I know what you talkin about... > > If the standalone server doesn't belong to a Domain, how do you expect it > > know where to authenticate the user ? > > > > > > -- > > Regards, > > Bernard Cheah > > http://www.tryiis.com/ > > http://support.microsoft.com/ > > http://www.msmvps.com/bernard/ > > > > > > > > "Miguel" <ihaveblint@gmail.com> wrote in message > > news:393251a5.0410041001.1af75e11@posting.google.com... > > > Hi Roger, > > > > > > yes that might be confusing. Even though I can't browse the domain > > > accounts I manually entered the domain account information into the > > > Anonymous User Account input box. A domain does exist, its just the > > > IIS server is not part of this domain. I know that it is using the > > > domain account because after authenticating through the Windows > > > Authentication window that pops up the rest of the application works > > > correctly. My problem is why does a Windows Authentication window come > > > up in the first place? > > > > > > I'm probably not explaining myself very clearly. Here is a post > > > that my coworker sent to someone who appeared to have dealt with a > > > similar problem. > > > > > > ======================== > > > > > > When I access the web site (remotely) from IE, I receive the "Enter > > > Network Password" dialog box prior to accessing my login.aspx page. > > > > > > The reason for this is because the "Anonymous User Account" > > > IUSR_<servername> is no longer there. Currently a user id (on an > > > active directory machine) is added, who has active directory > > > administrative rights. > > > > > > Since the AD user has no rights on the standalone machine, > > > How am I able to access this standalone web server without > > > authenticating to it first? > > > > > > I would really appreciate your help > > > Thanks in advance > > > Rob > > > > > > ========================= > > > > > > > > > > > > > > > Thanks, > > > > > > Miguel > > > > > > "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message > > news:<Od6BKzNqEHA.3712@TK2MSFTNGP15.phx.gbl>... > > > > I believe that what is confusing us is that you say you have > > > > the machine standalone, not in the domain, and then you > > > > define IIS to use a domain account. This is a contradiction. > > > > No domain accounts are available if not in a domain. > > > > > > > > -- > > > > Roger Abell > > > > Microsoft MVP (Windows Server System: Security) > > > > MCDBA, MCSE W2k3+W2k+Nt4 > > > > "Miguel" <ihaveblint@gmail.com> wrote in message > > > > news:393251a5.0409300707.7a3af05f@posting.google.com... > > > > > Hello all, > > > > > > > > > > I'm having some trouble with getting my IIS server working > > > > > correctly with anonymous users. Current we have an IIS server sitting > > > > > in the DMZ that is not part of the internal Windows domain which needs > > > > > to access Active Directory. To gain access to Active Diretory I've > > > > > changed the Anonymous User Account under IIS to a domain account. > > > > > However this causes one to be prompted to authenticate as soon as you > > > > > try to access the website on the IIS server. For testing purposes I > > > > > added the IIS server to the same domain that it would be accessing and > > > > > I no longer got prompted to authenticate when accessing the website. > > > > > This isn't a NTFS permission problem as far as I can tell since the > > > > > web application resides in a directory giving Everybody permission to > > > > > access it. I read that Log on Locally might be necessary, but after > > > > > giving the domain account (the same that IIS is running as) permission > > > > > to logon locally I still get prompted for authentication. > > > > > > > > > > The desired result is for the standalone IIS server to have access > > > > > to Active Directory without needing any type of authentication by the > > > > > user other than at the application level. > > > > > > > > > > Any ideas on what could be causing anonymous users being prompted > > > > > for Windows authentication? > > > > > > > > > > > > > > > Thanks!
- Next message: Ken Schaefer: "Re: Newbie Windows Authentication, IIs and Intranet vs Internet users."
- Previous message: Bernard: "Re: Newbie needs info on using SSL."
- In reply to: Miguel: "Re: Standalone IIS Server prompts for authentication when using Domain Anon User Acct"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
