Solved

IIS Authentication

Posted on 2013-02-06
3
646 Views
Last Modified: 2013-12-02
Hi,

i am trying to setup external access to our intranet site. when it is accessed from within the local network it will just work, but i want to setup authentication for when it is accessed from the net.

I have setup a secondary site within IIS manager, setup the relevant bindings, and security settings (i am using windows Authentication) etc. everything wokrs fine when the Authorization rule is set to all users. What i want to do is only allow access to certain users.

On the new second site I go into the Authorisation rules and specify a particular user to have access. when i do this the first site stops working with a 401 (not authorised) error.

i have no idea why this is happening, i cannot see any thing on google.

Any help will be appreciated.

Thanks

Michael
0
Comment
Question by:motorhog
  • 2
3 Comments
 
LVL 10

Assisted Solution

by:gaurav05
gaurav05 earned 500 total points
ID: 38858773
Hi,

1) Try and see if basic authentication working or not ?

2) At your gateway end is there any firewall which is using integrated authentication

3) disable "Show Friendly HTTP Error messages" in Internet Explorer and try to login

4) check IIS logs file after trying above.

5) how your active directory user configured.

-Let us know.
0
 

Author Comment

by:motorhog
ID: 38858814
Hi.

Basic authentication works with Local users only (i want to use AD users). however when i change the authorisation rule to a single local username, the first site still shows the 401 error.

there is no authentication on our firewall

the HTTP friendly errors are already turned off and i get the following,

401 - Unauthorized: Access is denied due to invalid credentials.

You do not have permission to view this directory or page using the credentials that you supplied.

I can see in the logs that the error seems to be because iis is looking for a local username rather than a domain unsername from our AD.
0
 
LVL 10

Accepted Solution

by:
gaurav05 earned 500 total points
ID: 38858839
Hi,

Try to first resolve problem for one site then do it same for second website.

Please change the identity in the application pool in the IIS from the default "ApplicationPoolIdentity" to a domain account "DOMAIN\account"

In Internet explorer please check

Tools- Internet Options - Advanced - Security - enable integrated windows authentication*

Let me know.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
Know what services you can and cannot, should and should not combine on your server.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question