yagamyster
asked on
problem with IIS6 pass-through authentication
Hi,
I can't manage to get the "pass-through authentication" feature of IIS 6 working. This is the simple configuration:
step 1)
I create a folder on server "server_a" (win 2003 standard), NTFS security settings: only user "user_x" has full access, this folder is shared as "\\server_a\remote"
step 2)
On server "server_b" (win 2003 standard with IIS 6) I start the IIS manager, at the level "server_b/web sites/default web sites" I create a new "virtual directory" named "remote". The "web site content directory" is the UNC of the shared directory from step 1: "\\server_a\remote", in the windows "security credentials" I omit the username and password - instead I select the option "always use the authenticated user's credentials when validating the access to the network directory", in the window "virtual directory access permissions" I select "read" and "run scripts (as ASP)"
step 3)
then I configure the tab "directory security" of the new virtual directory: under "authentication and access control" I press the "edit" button and select only the option "integrated windows authentication" (no "anonymous access" and no "basic authentication")
Now logged in as "user_x" I try to access the shared folder on "server_a" via the IIS6 on "server_b" : http://server_b/remote (using IE6, WinXP SP2) ... unfortunately without success: first of all I get a window asking me for username and password (why ? I checked the option "integrated windows authentication" - so the system should know my credentials ?!?) but even if I enter my credentials I can't get access to that share: "HTTP Error 401.3 - You are not authorized to view this page".
As long as the resource is located locally on the webserver, the "pass-through authentication" feature works for me and entering a specific account as security credentials for the remote web resource (in step 2) is also working. BUT the "always use the authenticated user's credentials when validating the access to the network directory" thing does not ...
Maybe I missed something important in the configuration ?
I can't manage to get the "pass-through authentication" feature of IIS 6 working. This is the simple configuration:
step 1)
I create a folder on server "server_a" (win 2003 standard), NTFS security settings: only user "user_x" has full access, this folder is shared as "\\server_a\remote"
step 2)
On server "server_b" (win 2003 standard with IIS 6) I start the IIS manager, at the level "server_b/web sites/default web sites" I create a new "virtual directory" named "remote". The "web site content directory" is the UNC of the shared directory from step 1: "\\server_a\remote", in the windows "security credentials" I omit the username and password - instead I select the option "always use the authenticated user's credentials when validating the access to the network directory", in the window "virtual directory access permissions" I select "read" and "run scripts (as ASP)"
step 3)
then I configure the tab "directory security" of the new virtual directory: under "authentication and access control" I press the "edit" button and select only the option "integrated windows authentication" (no "anonymous access" and no "basic authentication")
Now logged in as "user_x" I try to access the shared folder on "server_a" via the IIS6 on "server_b" : http://server_b/remote (using IE6, WinXP SP2) ... unfortunately without success: first of all I get a window asking me for username and password (why ? I checked the option "integrated windows authentication" - so the system should know my credentials ?!?) but even if I enter my credentials I can't get access to that share: "HTTP Error 401.3 - You are not authorized to view this page".
As long as the resource is located locally on the webserver, the "pass-through authentication" feature works for me and entering a specific account as security credentials for the remote web resource (in step 2) is also working. BUT the "always use the authenticated user's credentials when validating the access to the network directory" thing does not ...
Maybe I missed something important in the configuration ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.