Re: integrated authentication
- From: "Frédéric de Thysebaert" <frdt@xxxxxxxxxxxxxx>
- Date: Wed, 31 May 2006 07:49:14 +0200
Hi
I have tried all this but .. I think that it is the IIS authentication that is
not functional.
When the client connects to http://app.mydomain.com I get a popup asking
for user and password. With only "basic authentication" the user can
connect with the "mydomain\user" syntax; with only "integrated" authentication,
I also get the same popup but the same user with the same login syntax
cannot connect. I think my first problem is IIS delegation of
authentication...
How to track this?
IIS runs on one server and SQL on another; these two servers are members of the
domain and both servers have "trust the computer for delegation" checked.
The service account for the IIS application pool and the service account for the SQL
service are associated with an SPN and also have "account is trusted
for delegation" checked.
Thanks
"Robert Ginsburg" <robert.ginsburg@xxxxxxxx> wrote in message
news: OpwFGgzfGHA.2456@xxxxxxxxxxxxxxxxxxxxxxx
Yes, that's all, so if you have done that and SQL auth is still not
working, try the recommendations from this KB article
http://support.microsoft.com/?id=319723
"Frédéric de Thysebaert" <frdt@xxxxxxxxxxxxxx> wrote in message
news:uarDPFzfGHA.1456@xxxxxxxxxxxxxxxxxxxxxxx
Yes, I think that's right for me ..
To do this I have checked the delegation check box on the General tab of
the computer object in AD. Is that right?
Thanks
"Robert Ginsburg" <robert.ginsburg@xxxxxxxx> wrote in message
news: eNRxU2yfGHA.4900@xxxxxxxxxxxxxxxxxxxxxxx
Have you configured the server as trusted for Kerberos delegation?
"Frédéric de Thysebaert" <frdt@xxxxxxxxxxxxxx> wrote in message
news:OcgmL0vfGHA.1520@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have an intranet ASP application running on IIS6, with data on a SQL
server running on another computer (the two servers are member servers
of our Active Directory domain). Access to the data is based on the
user account that connects to the IIS application.
The application is running on port 80 with a host header of
app.mydomain.com (other applications are running on port 80 without a
host header).
The application runs in an application pool with a domain account from
Active Directory.
With basic authentication, the user can launch the application and have
access to the data. (I use impersonate = true in the web.config file)
I am now trying to activate integrated authentication .. but nothing is
running, I always get a popup asking for user and password and the same
user account can't access the application.
Following the documentation, I set an SPN for the identity running the
application pool with the setspn tool and the syntax setspn -A
HTTP/app.mydomain.com mydomain\myuserapp
I set NTAuthenticationProviders to "Negociate,NTLM" on the
right virtual directory using the script adsutil.vbs
I restarted the IIS server (iisreset)
Using the authentication & diagnostics tools from Microsoft on the web
server and verifying Kerberos security I just see " Service principal
name (SPN) for user mydomain\myuserapp' not found in Active Directory"
but with adsiedit on the same account I have an SPN set .. It's the only
trace I have to debug my authentication problem ..
Do you have any ideas?
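
Added example, not part of the thread and not posted by either participant: a read-only PowerShell check of the Kerberos prerequisites discussed above (SPN registered once and on the application pool identity, delegation flags on the accounts). It assumes a domain-joined machine, searches the current domain only, and uses the SPN and account name quoted in the thread; `someuser` is a hypothetical placeholder.

```powershell
# Added example: read-only LDAP checks against the current domain only.
# The SPN and account name are the ones quoted in the thread.
$Spn         = 'HTTP/app.mydomain.com'   # host header of the site
$PoolAccount = 'myuserapp'               # sAMAccountName of the app pool identity

# userAccountControl bits
$TRUSTED_FOR_DELEGATION = 0x80000        # "trusted for delegation" check box
$NOT_DELEGATED          = 0x100000       # "sensitive and cannot be delegated"

function Find-AdObject([string]$Filter) {
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.Filter   = $Filter
    $s.PageSize = 500
    foreach ($p in 'samaccountname', 'serviceprincipalname', 'useraccountcontrol') {
        [void]$s.PropertiesToLoad.Add($p)
    }
    $s.FindAll()
}

# 1. Kerberos needs the SPN on exactly one account, and it must be the
#    identity that runs the application pool.
$holders = @(Find-AdObject "(servicePrincipalName=$Spn)" |
             ForEach-Object { [string]$_.Properties['samaccountname'][0] })
switch ($holders.Count) {
    0       { "FAIL  $Spn is not registered on any account" }
    1       { if ($holders[0] -eq $PoolAccount) { "OK    $Spn -> $PoolAccount" }
              else { "FAIL  $Spn is held by $($holders[0]), not $PoolAccount" } }
    default { "FAIL  duplicate SPN on: $($holders -join ', ')" }
}

# 2. Show what is actually stored on the pool account, plus its delegation bit.
$acct = @(Find-AdObject "(&(objectCategory=person)(sAMAccountName=$PoolAccount))")
if ($acct.Count -ne 1) { "FAIL  account $PoolAccount not found"; return }
$uac = [int]$acct[0].Properties['useraccountcontrol'][0]
"INFO  SPNs on ${PoolAccount}: $(@($acct[0].Properties['serviceprincipalname']) -join ', ')"
if ($uac -band $TRUSTED_FOR_DELEGATION) { "OK    $PoolAccount is trusted for delegation" }
else { "FAIL  $PoolAccount is not trusted for delegation" }

# 3. A browsing user flagged NOT_DELEGATED cannot be impersonated to SQL Server.
$TestUser = 'someuser'                   # hypothetical placeholder, replace
$u = @(Find-AdObject "(&(objectCategory=person)(sAMAccountName=$TestUser))")
if ($u.Count -eq 1 -and ([int]$u[0].Properties['useraccountcontrol'][0] -band $NOT_DELEGATED)) {
    "FAIL  $TestUser is marked sensitive and cannot be delegated"
}
```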