integrated authentication
- From: "Frédéric de Thysebaert" <frdt@xxxxxxxxxxxxxx>
- Date: Wed, 24 May 2006 08:41:35 +0200
Hi,
I have a intranet asp application runing on IIS6. with data on SQL server
runing on an other computer (the two servers are member server of our active
directory domain). Access to the data are based on the user account who
connect to the IIS application.
The application is runing on the port 80 with a host header as
app.mydomain.com (others applications are runing on port 80 without
hostheader).
The application run in an application pool with a domain account from active
directory.
With basic authentication, the user can launch the application and have
access to the data. ( I use impersonate = true in the web.config file)
I try now to activate the integrated authentication .. but nothing is
runing, I always have a popup asking for user and password and the same user
account cant access the application
I had set using the documentation a SPN for the identity runing the
application pool with the tool setspn and the synthaxe setspn -A
HTTP/app.mydomain.com mydomain\myuserapp
I had set the NTAuthenticationProviders to "Negociate,NTLM" within the right
virtual directory and using the script adsutil.vbs
I had restart the iis server (iisreset)
using the authentication & diagnostique tools from microsoft on the web
server and verifying kerberos security I just see " Service principal name
(SPN) for user mydomain\myuserapp' not found in Active Directory" but with
adsiedit on the same account I have a SPN set .. It's the only one trace i
have to debug my authentication problem ..
Do you have some ideas
.
- Follow-Ups:
- Re: integrated authentication
- From: Robert Ginsburg
- Re: integrated authentication
- Prev by Date: Re: securing multiple websites using wildcard certificate - one IIS 6.0 server
- Next by Date: WMV and IIS
- Previous by thread: Re: Certificate Authority guidance requested
- Next by thread: Re: integrated authentication
- Index(es):
Relevant Pages
|
