Ok, I set up active directory delegation on my intranet site, and enabled windows authentication.
Users go to the ASP page, and their identity/credentials are passed through to the SQL server.
(logging into the sql server with the users credentials is the critical part here, we have assigned sql level permissions on certain tables)
When users go to the machines website http://cWebNexus2/integratedlogon.asp
, everything works like a dream.
(cWebNexus2 is the name of the machine on our active directory network)
But when I go to the outside site name: http://nexus.dealix.com/integratedlogon.asp
, it didn’t work at first.
So, I used “setspn -a HOST/nexus.dealix.com” on the CwebNexus2 Webserver to register the nexus.dealix.com name, so delegation will work… and now it does!
My question is, can I do the same thing for the webserver Cwebnexus1 when I bring that machine online next week?
See, nexus.dealix.com is an address that is going to be load balanced between the machines, CWebNexus1 and CWebNexus2, will I be able to use "setspn -a HOST/nexus.dealix.com" to register the domain for both servers?