Re: Strange auth denial with IE Integrated Security and IIS; but not Firefox, Netscape

From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 11/23/04 

Date: Tue, 23 Nov 2004 15:44:05 +0800

Well, I will try. From your explanation
defaultapppool - no problem
new apppool - error

it looks like the new AppPool doesn't have certain required access right,
application impersonation same ?
and both app pool are running the same process identity ?

I can't think of anything now, but have check the IIS log file for the two
different app pool ? 

-- 
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Kevin C" <kc@noneya.com> wrote in message
news:eAfacnK0EHA.2016@TK2MSFTNGP15.phx.gbl...
> Firefox 1.0R
> Netscape - 7.1
>
> Bernard,
> Basic Auth is not on, only Windows Integrated.  Please help me understand
> this a little better.  By default, in previous apps I have always had
> "Enable Integrated Auth" on.  If I am running a non-AD domain and set up a
> simple site and setup WindowsAuth are you saying that it will force
> Kerberos?   Is the new app domain jump that the new AppPool has created
> presenting a delegation problem?  If I move the virtual directory back to
> the DefaultAppPool and set impersonation back to the domain accout
everthing
> works perfect.  Moving it out to the new AppPool is what is triggering
this
> behavior and I cant figure out what is going on here.  I must say I am a
> little frusterated ;)
>
> Kevin
>
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:updR$jE0EHA.1300@TK2MSFTNGP14.phx.gbl...
> > What I suspect is Kerberos auth failed, when the "Enable Windows
> Integrated
> > Authentication" is on. IE will force kerberos auth, without it, it will
> pick
> > NTLM if kerberos failed.
> >
> > site question. what version of firefox and netscape you are using..
> > and basic auth is not enabled in the site property, right ?
> >
> > -- 
> > Regards,
> > Bernard Cheah
> > http://www.tryiis.com/
> > http://support.microsoft.com/
> > http://www.msmvps.com/bernard/
> >
> >
> >
> > "Kevin C" <kc@noneya.com> wrote in message
> > news:uuNvcxmzEHA.824@TK2MSFTNGP11.phx.gbl...
> > > I am having a rather weird error occur when trying to connect to my
web
> > > applications.  Here is the scenario:
> > >     - There is a application pool that I have created to host my web
> apps
> > >     - The App pool is running under a domain account
> > >     - Anonymous access is off and WindowsAuth is on
> > >     - turned off any identity impersonation settings for the asp.net
> app;
> > > therefore it is using what is in the machine.config.  Which is
<identity
> > > impersonate="false" userName="" password=""/>
> > >     - The domain account has sufficient privileges to ASP.NET Temp dir
> > >     - ACL set for proper accounts
> > >
> > > Here is the weird thing.  When I turn off the "Enable Windows
Integrated
> > > Authentication" option in IE I get challenged and everything works
fine
> > once
> > > I supply the correct creds - same things happens with Firefox and
> > Netscape.
> > > But, if I turn that option back on I get prompted and can't get
through.
> > I
> > > have check the logs and all I see is the 401 challenge.   Does anyone
> have
> > > any ideas?  The only real difference I have done today is move this
app
> > into
> > > running with the AppPool under a domain account.
> > >
> > > Kevin
> > >
> > >
> >
> >
>
>

Relevant Pages