Integrated Authentication

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Anybody know how to get Integrated Authentication to actually work under IIS ? If I set ntfs permissions on the website folders and set integrated authentication in ISM I get a 401.2 authentication error. I've tried adding the www-authentication header to the site but it makes no difference.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Set the website to runas a non-privied user. Give that user modify to the directory structure. Leave integrated checked. All I've found this really does, is have the OS authenticate, instead of IIS.

 

Thanks for the advice Azuziel, where are you talking about setting the website to run as the non-priv user ? I set up a test environment today in vmware and managed to get it to work which is most confusing, I took all the same steps at work yesterday but got nowhere. The key step in my test environment was adding the server to the local intranet on the client machine, I did this time and again at work but only got a 401.2 it was like the browser wasn't accepting the the website was in the local intranet even though the zone in the browser window showed as Local Intranet. If I enabled Digest authentication the site quite happily triggered the login box. The only real differences in the environments were the version of ie, 5.5 at work and 5.0 at home and service packs. Do you think IIS lockdown would affect the authentication the server accepted ?

 

For anybody who's interested I've sussed it. The browser was going via the proxy to the website, even though it's an internal address. This was screwing up the integrated authentication. I added *.domain.co.uk to the proxy bypass list in internet options and hey presto it started behaving. Doh! talk about missing the obvious.

 

Is there not a tick box in the internet properties dialogue box that says "bypass Proxy for local addresses"

 

Yes and it is ticked If you navigate to the site just using the computer name it goes direct and bypasses the proxy, if you give it the full domain name it ends up going via the proxy.