Solved

IIS Authentication

Posted on 2013-02-06
3
640 Views
Last Modified: 2013-12-02
Hi,

i am trying to setup external access to our intranet site. when it is accessed from within the local network it will just work, but i want to setup authentication for when it is accessed from the net.

I have setup a secondary site within IIS manager, setup the relevant bindings, and security settings (i am using windows Authentication) etc. everything wokrs fine when the Authorization rule is set to all users. What i want to do is only allow access to certain users.

On the new second site I go into the Authorisation rules and specify a particular user to have access. when i do this the first site stops working with a 401 (not authorised) error.

i have no idea why this is happening, i cannot see any thing on google.

Any help will be appreciated.

Thanks

Michael
0
Comment
Question by:motorhog
  • 2
3 Comments
 
LVL 10

Assisted Solution

by:gaurav05
gaurav05 earned 500 total points
Comment Utility
Hi,

1) Try and see if basic authentication working or not ?

2) At your gateway end is there any firewall which is using integrated authentication

3) disable "Show Friendly HTTP Error messages" in Internet Explorer and try to login

4) check IIS logs file after trying above.

5) how your active directory user configured.

-Let us know.
0
 

Author Comment

by:motorhog
Comment Utility
Hi.

Basic authentication works with Local users only (i want to use AD users). however when i change the authorisation rule to a single local username, the first site still shows the 401 error.

there is no authentication on our firewall

the HTTP friendly errors are already turned off and i get the following,

401 - Unauthorized: Access is denied due to invalid credentials.

You do not have permission to view this directory or page using the credentials that you supplied.

I can see in the logs that the error seems to be because iis is looking for a local username rather than a domain unsername from our AD.
0
 
LVL 10

Accepted Solution

by:
gaurav05 earned 500 total points
Comment Utility
Hi,

Try to first resolve problem for one site then do it same for second website.

Please change the identity in the application pool in the IIS from the default "ApplicationPoolIdentity" to a domain account "DOMAIN\account"

In Internet explorer please check

Tools- Internet Options - Advanced - Security - enable integrated windows authentication*

Let me know.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
My previous article  (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html)detailed one possible method to get SCCM 2007 installed an…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now