Re: integrated authentication

---

• From: "Robert Ginsburg" <robert.ginsburg@xxxxxxxx>
• Date: Wed, 24 May 2006 08:28:34 -0400

---

Have you configured the server as trusted for kerberos delegation ?
"Frédéric de Thysebaert" <frdt@xxxxxxxxxxxxxx> wrote in message
news:OcgmL0vfGHA.1520@xxxxxxxxxxxxxxxxxxxxxxx

Hi,

I have a intranet asp application runing on IIS6. with data on SQL server
runing on an other computer (the two servers are member server of our
active directory domain). Access to the data are based on the user account
who connect to the IIS application.
The application is runing on the port 80 with a host header as
app.mydomain.com (others applications are runing on port 80 without
hostheader).
The application run in an application pool with a domain account from
active directory.
With basic authentication, the user can launch the application and have
access to the data. ( I use impersonate = true in the web.config file)
I try now to activate the integrated authentication .. but nothing is
runing, I always have a popup asking for user and password and the same
user account cant access the application
I had set using the documentation a SPN for the identity runing the
application pool with the tool setspn and the synthaxe setspn -A
HTTP/app.mydomain.com mydomain\myuserapp
I had set the NTAuthenticationProviders to "Negociate,NTLM" within the
right virtual directory and using the script adsutil.vbs
I had restart the iis server (iisreset)

using the authentication & diagnostique tools from microsoft on the web
server and verifying kerberos security I just see " Service principal name
(SPN) for user mydomain\myuserapp' not found in Active Directory" but with
adsiedit on the same account I have a SPN set .. It's the only one trace i
have to debug my authentication problem ..

Do you have some ideas

.

---

• Follow-Ups:
  • Re: integrated authentication
    • From: Frédéric de Thysebaert

• References:
  • integrated authentication
    • From: Frédéric de Thysebaert

• Prev by Date: WMV and IIS
• Next by Date: Re: integrated authentication
• Previous by thread: integrated authentication
• Next by thread: Re: integrated authentication
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Access Shared Printer?? ... shares) on other domain member computers (centralized user account ... defined as a local printer that is shared is called the server. ... at the client computer with the username and password that is common to ... This command will use the ServerUserName to do an "authentication" on the ... (microsoft.public.win2000.printing) Re: Access Denied to share with anonymous access disabled ... > Integrated Windows authentication, then you are looking at the classic ... > server, why should the server automatically be able to use your ... > ASPNet local user account full access to the share. ... > anonymous access with integrated windows security on the web site. ... (microsoft.public.inetserver.iis.security) Re: Access Denied to share with anonymous access disabled ... > Integrated Windows authentication, then you are looking at the classic ... > server, why should the server automatically be able to use your ... > to access some other network resource? ... > ASPNet local user account full access to the share. ... (microsoft.public.inetserver.iis.security) Re: Machine Authentication not working with wireless clients and I ... authentication, just the same error as before, about invalid account. ... which communicates with an IAS server via Radius. ... Use your global user account or local user account to access this ... What I would do is create a group of wireless enabled computers. ... (microsoft.public.internet.radius) Strange Logon Problem ... My Sharepoint server is in a NT domain and all the users ... are in trusted NT-domains. ... Basic Authentication, ... >pc that is a member of domain 2 with a user account from ... (microsoft.public.sharepoint.portalserver)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)