Re: integrated authentication
- From: "Robert Ginsburg" <robert.ginsburg@xxxxxxxx>
- Date: Wed, 24 May 2006 09:43:20 -0400
Yes, thats all, so if you have done that and SQL auth is still not working,
try thie recomendations from this kb article
http://support.microsoft.com/?id=319723
"Frédéric de Thysebaert" <frdt@xxxxxxxxxxxxxx> wrote in message
news:uarDPFzfGHA.1456@xxxxxxxxxxxxxxxxxxxxxxx
yes I think that's right for me, ..
To do this I have check the delegation check box on the general tab of
computer object in AD. Is it right ?
Thanks
"Robert Ginsburg" <robert.ginsburg@xxxxxxxx> a écrit dans le message de
news: eNRxU2yfGHA.4900@xxxxxxxxxxxxxxxxxxxxxxx
Have you configured the server as trusted for kerberos delegation ?
"Frédéric de Thysebaert" <frdt@xxxxxxxxxxxxxx> wrote in message
news:OcgmL0vfGHA.1520@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have a intranet asp application runing on IIS6. with data on SQL
server runing on an other computer (the two servers are member server of
our active directory domain). Access to the data are based on the user
account who connect to the IIS application.
The application is runing on the port 80 with a host header as
app.mydomain.com (others applications are runing on port 80 without
hostheader).
The application run in an application pool with a domain account from
active directory.
With basic authentication, the user can launch the application and have
access to the data. ( I use impersonate = true in the web.config file)
I try now to activate the integrated authentication .. but nothing is
runing, I always have a popup asking for user and password and the same
user account cant access the application
I had set using the documentation a SPN for the identity runing the
application pool with the tool setspn and the synthaxe setspn -A
HTTP/app.mydomain.com mydomain\myuserapp
I had set the NTAuthenticationProviders to "Negociate,NTLM" within the
right virtual directory and using the script adsutil.vbs
I had restart the iis server (iisreset)
using the authentication & diagnostique tools from microsoft on the web
server and verifying kerberos security I just see " Service principal
name (SPN) for user mydomain\myuserapp' not found in Active Directory"
but with adsiedit on the same account I have a SPN set .. It's the only
one trace i have to debug my authentication problem ..
Do you have some ideas
.
- Follow-Ups:
- Re: integrated authentication
- From: Frédéric de Thysebaert
- Re: integrated authentication
- References:
- integrated authentication
- From: Frédéric de Thysebaert
- Re: integrated authentication
- From: Robert Ginsburg
- Re: integrated authentication
- From: Frédéric de Thysebaert
- integrated authentication
- Prev by Date: Re: integrated authentication
- Next by Date: Secure Communication
- Previous by thread: Re: integrated authentication
- Next by thread: Re: integrated authentication
- Index(es):
Relevant Pages
|
