Reputation: 1
IIS can't validate some of my windows tokens coming from approved AD Domains
my ASPNet application on IIS Server is using Windows Authentication, anonymous authentication is disabled, Negotiate is in first position for authentication Providers. The users members of the A.D. domain in which the IIS server is joined can login transparently. The users from another approved domain are asked to enter their credentials without success, the credentials popup continuously appears. It seems ISS pool account is not able to validate user's token when they are from an approved domain. Any idea, thanks
Is there a link with delegation authorizations?
Upvotes: 0
Views: 29
Answers (1)
Reputation: 12789
First make sure you have created trust in the active directory. you can do it by going to the Active Directory Domains and Trusts properties setting. that will make sure that the there is trust between two AD domains.
After that in iis enable windows authentication. set the Negotiate first and NTLM second in the provider list.
Try to set the app pool identity to the domain user who has the enogh permission
In the authorization set allow users to *
set the SPN: setspn -A HTTP/<your_server_name> <domain\service_account>
Upvotes: 0
Related Questions
- Why does windows authentication prompting credentials popup
- "Cannot verify access to path (C:\inetpub\wwwroot)", when adding a virtual directory
- IIS Mixed Anonymous and Windows Authentication
- IIS Anonymous Authentication enabled but credentials required
- Getting IIS to impersonate the windows user to SQL server in an intranet environment
- Asp.net delegation
- ASP.Net web application trying to use Impersonation and Delegation to connect to SQL Server
- Set up Kerberos Authentication with Delegation on IIS 7 w/ Windows Server 2008
- IIS6 windows authentication only working when site is accessed by DNS name (not IP address)