|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
URL Authentication IIS 6.0ADAM)... I've red about a new feature in IIS 6.0: URL Authentication and I did manage to set-up a situation where users are authenticated by use of LDAP query: (&(objectCategory=user)(CN=*))) But, now comes the stange part, only users logged-in on the server where IIS is configured are authenticated correctly. For example: IIS/URL Authentication is configured at server Server1 to protect virtual directory /URLTest. When user 'admin' is logged in Server1, he is able to go to http://localhost/URLTest When user 'test' is logged in Server1, he is also able to go to the url above, When users 'admin' or 'test' are logged-in on another server, they are not able to navigate to Server1/URLTest because they cannot be authenticated... What is wrong? Are the servers part of the same domain? If they don't that is the problem,
admin and/or guest in server1 cannot be authenticated in server2 because they are different systems or security scope. Marcelo V. <r.oosterh***@gmail.com> wrote in message Show quoteHide quote news:1161182610.077861.136090@e3g2000cwe.googlegroups.com... > I need to authenticate users agains an Active Directory (or rather > ADAM)... > > I've red about a new feature in IIS 6.0: URL Authentication and I did > manage to set-up a situation where users are authenticated by use of > LDAP query: (&(objectCategory=user)(CN=*))) > > But, now comes the stange part, only users logged-in on the server > where IIS is configured are authenticated correctly. > For example: > IIS/URL Authentication is configured at server Server1 to protect > virtual directory /URLTest. > When user 'admin' is logged in Server1, he is able to go to > http://localhost/URLTest > When user 'test' is logged in Server1, he is also able to go to the url > above, > > When users 'admin' or 'test' are logged-in on another server, they are > not able to navigate to Server1/URLTest because they cannot be > authenticated... > > What is wrong? > Thanks for your reply.
The servers are indeed part of the same domain... So this can not be the problem... Rick O. Marcelo Villalón schreef: Show quoteHide quote > Are the servers part of the same domain? If they don't that is the problem, > admin and/or guest in server1 cannot be authenticated in server2 because > they are different systems or security scope. > > Marcelo V. > > <r.oosterh***@gmail.com> wrote in message > news:1161182610.077861.136090@e3g2000cwe.googlegroups.com... > > I need to authenticate users agains an Active Directory (or rather > > ADAM)... > > > > I've red about a new feature in IIS 6.0: URL Authentication and I did > > manage to set-up a situation where users are authenticated by use of > > LDAP query: (&(objectCategory=user)(CN=*))) > > > > But, now comes the stange part, only users logged-in on the server > > where IIS is configured are authenticated correctly. > > For example: > > IIS/URL Authentication is configured at server Server1 to protect > > virtual directory /URLTest. > > When user 'admin' is logged in Server1, he is able to go to > > http://localhost/URLTest > > When user 'test' is logged in Server1, he is also able to go to the url > > above, > > > > When users 'admin' or 'test' are logged-in on another server, they are > > not able to navigate to Server1/URLTest because they cannot be > > authenticated... > > > > What is wrong? > > The problem is that "URL Authentication" does not exist.
The feature is actually called "URL Authorization". Authorization (i.e. what can a user do?) is totally different than Authentication (i.e. what user are you?) "URL Authorization" takes effect AFTER Authentication completes, since you need to know WHO the user is before trying to determine WHAT the user is authorized to do. Since you say you cannot authenticate to this server when logged into a remote machine, what you configured for "URL Authorization" is not involved at all. Your problem has to do with why those users cannot authenticate from a remote machine. The best way is to look at the IIS web log entries for these remote access attempts to see what is wrong. http://blogs.msdn.com/david.wang/archive/2005/12/31/HOWTO_Basics_of_IIS6_Troubleshooting.aspx //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang // r.oosterh***@gmail.com wrote: Show quoteHide quote > I need to authenticate users agains an Active Directory (or rather > ADAM)... > > I've red about a new feature in IIS 6.0: URL Authentication and I did > manage to set-up a situation where users are authenticated by use of > LDAP query: (&(objectCategory=user)(CN=*))) > > But, now comes the stange part, only users logged-in on the server > where IIS is configured are authenticated correctly. > For example: > IIS/URL Authentication is configured at server Server1 to protect > virtual directory /URLTest. > When user 'admin' is logged in Server1, he is able to go to > http://localhost/URLTest > When user 'test' is logged in Server1, he is also able to go to the url > above, > > When users 'admin' or 'test' are logged-in on another server, they are > not able to navigate to Server1/URLTest because they cannot be > authenticated... > > What is wrong? David, thanks a lot!
That finally helped me. Now I know I need another solution for my Authentication (which I was really looking for; thus not Authorization)... Thanks again, Rick O. David Wang schreef: Show quoteHide quote > The problem is that "URL Authentication" does not exist. > > The feature is actually called "URL Authorization". Authorization (i.e. > what can a user do?) is totally different than Authentication (i.e. > what user are you?) > > "URL Authorization" takes effect AFTER Authentication completes, since > you need to know WHO the user is before trying to determine WHAT the > user is authorized to do. > > Since you say you cannot authenticate to this server when logged into a > remote machine, what you configured for "URL Authorization" is not > involved at all. > > Your problem has to do with why those users cannot authenticate from a > remote machine. The best way is to look at the IIS web log entries for > these remote access attempts to see what is wrong. > > http://blogs.msdn.com/david.wang/archive/2005/12/31/HOWTO_Basics_of_IIS6_Troubleshooting.aspx > > > > //David > http://w3-4u.blogspot.com > http://blogs.msdn.com/David.Wang > // > > > > r.oosterh***@gmail.com wrote: > > I need to authenticate users agains an Active Directory (or rather > > ADAM)... > > > > I've red about a new feature in IIS 6.0: URL Authentication and I did > > manage to set-up a situation where users are authenticated by use of > > LDAP query: (&(objectCategory=user)(CN=*))) > > > > But, now comes the stange part, only users logged-in on the server > > where IIS is configured are authenticated correctly. > > For example: > > IIS/URL Authentication is configured at server Server1 to protect > > virtual directory /URLTest. > > When user 'admin' is logged in Server1, he is able to go to > > http://localhost/URLTest > > When user 'test' is logged in Server1, he is also able to go to the url > > above, > > > > When users 'admin' or 'test' are logged-in on another server, they are > > not able to navigate to Server1/URLTest because they cannot be > > authenticated... > > > > What is wrong? 
Other interesting topics
Switching from http to https
Is posting from http to https secure? Multiple websites in one IIS with Integrated Windows Authentication Web site can't be browsed when logging out from IISv6.0 Server SSLv3 with certificate issued by Intermediate certificae authority Problem with Impersonation / Delegation How do you get rid of IIS Anonymous Event Logs? Cannot get logon prompted on web page on one machine firefox 1.5 & iis6.0 Password protecting a single page on IIS |
|||||||||||||||||||||||
