|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Application Pool without Anonymous AccessI want to create a WebService which belongs to a custom application pool & doesnt allow anonymous access. I created a user Named "TestUser", and added it to the IIS_WPG group. Then i created a new application pool "TestAppPool" which is run by TestUser & Created a WebService that runs under "TestAppPool". At this stage everything works. However, when i uncheck "Allow Anoymous Access" - accessing the service.asmx page works only from the local computer. From a remote station - accessing "http://myserver/myapp/service.asmx" requires entering a username & password (which is exactly what i want) - but any user & pass i try to enter fails. Please note that if i change the AppPool's user to "Network Service" (or any other "Built in" account) it works - i can login with any active directory user. What's wrong? I re-tested it & if i enter the LOCAL MACHINE's administrator - when
accessing from a remote computer - it does work - but I want to allow any domain user to log in. Also forgot to mention that i added NTFS read access to the all the domain users on the directory, and also tested this with a simple html document - so its not asp.net related. Does the user account being used to run the app pool have "impersonate a
user after authetication" user right. I believe that is the user right that's needed (I could be wrong though). Check in the local security policy of the server. Cheers Ken <yon***@gmail.com> wrote in message Show quoteHide quote news:1140680228.438315.307760@j33g2000cwa.googlegroups.com... :I re-tested it & if i enter the LOCAL MACHINE's administrator - when : accessing from a remote computer - it does work - but I want to allow : any domain user to log in. : : Also forgot to mention that i added NTFS read access to the all the : domain users on the directory, and also tested this with a simple html : document - so its not asp.net related. : yeah, "Impersonate a client after authentication" is granted to
IIS_WPG, which my user belongs to... so thats not the problem. update: the problem happens only if i run the AppPool with a domain user, any other local user works if he's in IIS_WPG. |
|||||||||||||||||||||||
Other interesting topics