
Credentials not passed on when using ASP.NET

Author
10 Jul 2006 8:32 PM
Jay-nospam
Hi there,

I am having trouble getting an ASP.NET web application to connect to another
computer and pass the proper credentials, and I hope someone can help me.

I have a stand-alone Windows 2003 Server, ServerA, running as a Web Server
that uses ASP.NET. The default.aspx file tries to access a file in a share
on another computer, ServerB. ServerA and ServerB are on the same domain and
are both running Windows 2003 Server.



The Domain Controller is running Windows 2000 Server. I want to use
Integrated Windows Authentication to access the file. When I connect to the
Web site and then check the event viewer on ServerB, I can see that ServerA
is using the Anonymous Logon to connect to ServerB instead of passing
through my windows credentials. On ServerA, I have done the following:



In IIS, set the authentication to Integrated Windows Authentication and
deselected Allow Anonymous logon

Did the following according to
http://support.microsoft.com/default.aspx?scid=kb;en-us;871179

In my application pool, I set the Identity to a domain user,
MyDomain\SvcAcct

Added the user, MyDomain\SvcAcct to the IIS_WPG group

As the domain administrator, I ran Setspn on ServerA. When this didn't
work, I repeated it on the Primary Domain Controller of the domain and that
didn't work either. How I ran the command is listed below:

Setspn -A HTTP/<netbios name> MyDomain\SvcAcct



Then I followed the instructions at
http://technet2.microsoft.com/WindowsServer/en/Library/b207ee9c-a055-43f7-b9be-20599b694a311033.mspx?mfr=true
and on the Primary Domain Controller of the domain I also went into Active
Directory Services Users and Groups and selected the "Trust this computer
for delegation" option for ServerA and I also followed the instructions at
http://technet2.microsoft.com/WindowsServer/en/Library/91a98c38-38c5-49dc-83bf-e69d8e1dbbfa1033.mspx?mfr=true
and I selected the "Account is trusted for delegation" option for the
MyDomain\SvcAcct user.

Following http://support.microsoft.com/kb/215383/, on ServerA, I ran the
following:



Cscript adsutil.vbs set w3svc/1/NTAuthenticationProviders "Negotiate,NTLM"

I signed in to my client computer as MyDomain\UserA

In IE 6.0, on the client computer, as instructed in
http://support.microsoft.com/kb/810572/, I selected the "Enable Integrated
Windows Authentication (requires restart)" option on the Advanced tab and
then cleared my cache, closed my IE 6.0 session and started another.



In my web.config file for the website, I added the following line after the
</authorization> closing tag:

<identity impersonate="true" />



When I connect to the Website on ServerA from the client computer, I am not
prompted for credentials and that is what I would expect. When I turn on
auditing, I can also see that UserA is accessing the default.aspx file for
the Website and that is also what I would expect. However, the event viewer
on ServerB shows that the Anonymous Logon is what is being used to connect
to it.



When I run the Auth Diagnostics 1.0 tool from Microsoft that is referred to
in http://support.microsoft.com/default.aspx?scid=kb;en-us;871179 on my
Website on ServerA, I see the message, "Service Principal name (SPN) for
user 'MyDomain\SvcAcct' not found in Active Directory"

Anything I see on the Internet says to run Setspn for this problem but we
have done this. Am I doing something wrong when I do this? Is there another
reason why the credentials are not being passed on?

When I try this with a straight html file, I am able to access the file.



What am I doing wrong?



Thanks,



Jennifer
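
One way to check the SPN registration this post describes, as an added example that is not part of the original thread: it parses listings in the style of `setspn -L` and reports, for each host name clients use to reach the site, whether the HTTP SPN is missing, held by an account other than the application pool identity, or registered on more than one account. The sample listing, the `mydomain.example` names and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `setspn -L <account>` output for two
# accounts; the DNs and host names are assumptions, not values from the thread.
SAMPLE = """\
Registered ServicePrincipalNames for CN=SvcAcct,CN=Users,DC=mydomain,DC=example:
    HTTP/servera
Registered ServicePrincipalNames for CN=SERVERA,CN=Computers,DC=mydomain,DC=example:
    HTTP/servera.mydomain.example
    HOST/SERVERA
"""

HEADER = re.compile(r"^Registered ServicePrincipalNames for (.+?):\s*$")

def parse_setspn(text):
    """Return {account DN: [SPN, ...]} from concatenated listings."""
    spns, account = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            account = m.group(1)
            spns.setdefault(account, [])   # keep accounts with no SPNs
        elif line.strip() and account:
            spns[account].append(line.strip())
    return spns

def audit(spns, pool_account_cn, site_hosts):
    """Report HTTP SPN problems for each host name used to reach the site."""
    owners = defaultdict(set)              # lower-cased SPN -> holding accounts
    for account, names in spns.items():
        for spn in names:
            owners[spn.lower()].add(account)
    pool = {a for a in spns if a.lower().startswith("cn=" + pool_account_cn.lower() + ",")}
    findings = []
    for host in site_hosts:
        spn = "http/" + host.lower()       # SPNs compare case-insensitively
        holders = owners.get(spn, set())
        if not holders:
            findings.append(("missing", spn, ()))
        elif len(holders) > 1:
            findings.append(("duplicate", spn, tuple(sorted(holders))))
        elif not holders & pool:
            findings.append(("wrong-account", spn, tuple(holders)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_setspn(SAMPLE), "SvcAcct", ["servera", "servera.mydomain.example"]):
        print(finding)
```
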

Author
10 Jul 2006 9:31 PM
Consultant
You need to set up an SPN for it.

Author
12 Jul 2006 2:04 PM
Jay-nospam
I thought I had set up an SPN using the setspn utility. I did the following
according to http://support.microsoft.com/default.aspx?scid=kb;en-us;871179

In my application pool, I set the Identity to a domain user,
MyDomain\SvcAcct

Added the user, MyDomain\SvcAcct to the IIS_WPG group

As the domain administrator, I ran Setspn on ServerA. When this didn't
work, I repeated it on the Primary Domain Controller of the domain and that
didn't work either. How I ran the command is listed below:

Setspn -A HTTP/<netbios name> MyDomain\SvcAcct

Have I made a mistake when setting up my SPN?

Thanks,

Jennifer
