Excuse my ignorance on the subject, but is it possible to configure IIS7 to use authentication against Active Directory without Forms-based authentication?
I could hack my way through IIS6 okay, but now that we have started moving toward Server 2008 R2 and IIS7 I am getting hung up. Here is the rundown on what I am working on and what I would like to do. I have an internal Intranet site that is populated with frequently used documentation and tech notes that I would like to make available, in-house, to my Network Support and Engineering IT team. At the same time (for multiple reasons) I do not want anyone outside of the group who happens to hit the URL to have access to browse through what is there.
Ideally, if the user is a member of my team and logged onto the machine as themselves, I would like IIS7 to use the account that session is running under for access permissions and to allow access without prompting for credentials. However, if they were at a user's station (i.e. a Windows session where the user is not a member of my group), I would like the site to prompt for credentials. All of which I would like to have authenticated against Active Directory.
I have tweaked the settings to get it to appear to be working in a manner that manifests my desired result, but I am not sure that it is correct or if I have opened myself up to other pain later on. Additionally, I don't want to create a security vulnerability or hole that would get us dinged during an audit.
I have IIS7 configured so that for Authentication: Anonymous Authentication is disabled and Windows Authentication is enabled. I then modified the NTFS permissions on the subfolder under inetpub (the file system folder) so that only service accounts, local server accounts/groups, and an Active Directory security group (that my users belong to) have read access to the location.
The aforementioned settings seem to be working, but I did not know if that was the way I should have configured things, as I believe the access is being controlled by NTFS file permissions more than by anything in the Windows IIS7 web server. But as I denied anonymous access to the site, IIS7 has to be using something as the control to verify that the account the process is running under is a Windows account; however, I never specified that anywhere.
Any insight is appreciated.
Thanks!
JBH
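The configuration the post describes (Anonymous Authentication off, Windows Authentication on, an NTFS ACL that grants read only to the server accounts and one AD security group), scripted and verified from an elevated PowerShell prompt on the IIS7 / Server 2008 R2 box. This is an added example, not the poster's configuration or Microsoft's own documentation. The site path "Default Web Site/Intranet", the folder C:\inetpub\wwwroot\Intranet, the application pool DefaultAppPool and the group CONTOSO\IT-Engineering are placeholders; replace them with your own. Step 3 goes beyond what the post has in place: it adds an IIS-side URL Authorization rule for the same group (the URL Authorization role service must be installed for it to work), so that group membership is enforced by IIS as well as by the file system.

```powershell
# Added example, not from the original post. Assumed names: site/application
# 'Default Web Site/Intranet', folder C:\inetpub\wwwroot\Intranet, application
# pool 'DefaultAppPool', AD group 'CONTOSO\IT-Engineering'. Run elevated.
Import-Module WebAdministration

$site    = 'Default Web Site/Intranet'
$folder  = 'C:\inetpub\wwwroot\Intranet'
$adGroup = 'CONTOSO\IT-Engineering'
$appcmd  = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'

# 1. Authentication: anonymous off, Windows (Negotiate/NTLM) on.
#    Both sections are locked at server level by default, so they are written as
#    a <location> entry in applicationHost.config (-PSPath 'IIS:\' -Location).
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter '/system.webServer/security/authentication/anonymousAuthentication' `
    -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter '/system.webServer/security/authentication/windowsAuthentication' `
    -Name enabled -Value $true

# 2. NTFS: drop inherited ACEs, then grant only what the post describes.
#    IIS impersonates the authenticated Windows user when it serves static files,
#    so with anonymous access off this ACL is what decides who can read the documents.
icacls $folder /inheritance:r
icacls $folder /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F'
icacls $folder /grant 'IIS AppPool\DefaultAppPool:(OI)(CI)R'   # pool identity reads web.config
icacls $folder /grant "${adGroup}:(OI)(CI)R"

# 3. Optional second gate inside IIS (URL Authorization role service required):
#    remove the inherited "allow all users" rule for this path and allow only the group,
#    so a later mistake in the NTFS ACL alone cannot expose the site.
& $appcmd set config $site -section:system.webServer/security/authorization `
    "/-[users='*']" /commit:apphost
& $appcmd set config $site -section:system.webServer/security/authorization `
    "/+[accessType='Allow',roles='$adGroup']" /commit:apphost

# 4. Verify what is actually in effect for the path.
Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter '/system.webServer/security/authentication/*' -Name enabled |
    Select-Object ItemXPath, Value
Get-WebConfiguration -PSPath 'IIS:\' -Location $site `
    -Filter '/system.webServer/security/authorization/*' |
    Select-Object accessType, users, roles
icacls $folder
```

The verification step answers the question in the post: with Anonymous Authentication disabled, the only enabled provider is Windows Authentication, so IIS challenges every request (a browser on a domain-joined machine answers silently with the logged-on user's token; anyone else gets a credential prompt), and the resulting user token is impersonated while the static file handler reads the folder, which is why the NTFS ACL ends up doing the access control. That is a legitimate configuration, but the URL Authorization rule in step 3 is worth adding so that an auditor sees the group restriction in the IIS configuration itself rather than only in a folder ACL.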