Re: Strange auth denial with IE Integrated Security and IIS; but not Firefox, Netscape
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 11/24/04
- Next message: Yap: "Integrated Windows Authentication problem in AD 2000"
- Previous message: Jason Brown [MSFT]: "Re: IIS 6 will not work with IP address"
- In reply to: Kevin C: "Re: Strange auth denial with IE Integrated Security and IIS; but not Firefox, Netscape"
- Next in thread: Kevin C: "Re: Strange auth denial with IE Integrated Security and IIS; but not Firefox, Netscape"
- Reply: Kevin C: "Re: Strange auth denial with IE Integrated Security and IIS; but not Firefox, Netscape"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Nov 2004 11:52:54 +0800
The same domain account you used for defaultapppool ?
that doesn't make sense right ????
-- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ "Kevin C" <kc@noneya.com> wrote in message news:#rgz#RY0EHA.3236@TK2MSFTNGP15.phx.gbl... > I got it. It stemmed from my domain account not have a registered SPN with > AD for that machine. Thanks for your help. > > > "Bernard" <qbernard@hotmail.com.discuss> wrote in message > news:O04%232AT0EHA.2568@TK2MSFTNGP11.phx.gbl... > > Well, I will try. From your explanation > > defaultapppool - no problem > > new apppool - error > > > > it looks like the new AppPool doesn't have certain required access right, > > application impersonation same ? > > and both app pool are running the same process identity ? > > > > I can't think of anything now, but have check the IIS log file for the two > > different app pool ? > > -- > > Regards, > > Bernard Cheah > > http://www.tryiis.com/ > > http://support.microsoft.com/ > > http://www.msmvps.com/bernard/ > > > > > > > > "Kevin C" <kc@noneya.com> wrote in message > > news:eAfacnK0EHA.2016@TK2MSFTNGP15.phx.gbl... > > > Firefox 1.0R > > > Netscape - 7.1 > > > > > > Bernard, > > > Basic Auth is not on, only Windows Integrated. Please help me > understand > > > this a little better. By default, in previous apps I have always had > > > "Enable Integrated Auth" on. If I am running a non-AD domain and set up > a > > > simple site and setup WindowsAuth are you saying that it will force > > > Kerberos? Is the new app domain jump that the new AppPool has created > > > presenting a delegation problem? If I move the virtual directory back > to > > > the DefaultAppPool and set impersonation back to the domain accout > > everthing > > > works perfect. Moving it out to the new AppPool is what is triggering > > this > > > behavior and I cant figure out what is going on here. I must say I am a > > > little frusterated ;) > > > > > > Kevin > > > > > > > > > "Bernard" <qbernard@hotmail.com.discuss> wrote in message > > > news:updR$jE0EHA.1300@TK2MSFTNGP14.phx.gbl... > > > > What I suspect is Kerberos auth failed, when the "Enable Windows > > > Integrated > > > > Authentication" is on. IE will force kerberos auth, without it, it > will > > > pick > > > > NTLM if kerberos failed. > > > > > > > > site question. what version of firefox and netscape you are using.. > > > > and basic auth is not enabled in the site property, right ? > > > > > > > > -- > > > > Regards, > > > > Bernard Cheah > > > > http://www.tryiis.com/ > > > > http://support.microsoft.com/ > > > > http://www.msmvps.com/bernard/ > > > > > > > > > > > > > > > > "Kevin C" <kc@noneya.com> wrote in message > > > > news:uuNvcxmzEHA.824@TK2MSFTNGP11.phx.gbl... > > > > > I am having a rather weird error occur when trying to connect to my > > web > > > > > applications. Here is the scenario: > > > > > - There is a application pool that I have created to host my web > > > apps > > > > > - The App pool is running under a domain account > > > > > - Anonymous access is off and WindowsAuth is on > > > > > - turned off any identity impersonation settings for the asp.net > > > app; > > > > > therefore it is using what is in the machine.config. Which is > > <identity > > > > > impersonate="false" userName="" password=""/> > > > > > - The domain account has sufficient privileges to ASP.NET Temp > dir > > > > > - ACL set for proper accounts > > > > > > > > > > Here is the weird thing. When I turn off the "Enable Windows > > Integrated > > > > > Authentication" option in IE I get challenged and everything works > > fine > > > > once > > > > > I supply the correct creds - same things happens with Firefox and > > > > Netscape. > > > > > But, if I turn that option back on I get prompted and can't get > > through. > > > > I > > > > > have check the logs and all I see is the 401 challenge. Does > anyone > > > have > > > > > any ideas? The only real difference I have done today is move this > > app > > > > into > > > > > running with the AppPool under a domain account. > > > > > > > > > > Kevin > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: Yap: "Integrated Windows Authentication problem in AD 2000"
- Previous message: Jason Brown [MSFT]: "Re: IIS 6 will not work with IP address"
- In reply to: Kevin C: "Re: Strange auth denial with IE Integrated Security and IIS; but not Firefox, Netscape"
- Next in thread: Kevin C: "Re: Strange auth denial with IE Integrated Security and IIS; but not Firefox, Netscape"
- Reply: Kevin C: "Re: Strange auth denial with IE Integrated Security and IIS; but not Firefox, Netscape"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
