Re: IIS Remote Content and Kerberos Delegation

From: Ray at <%=sLocation%> [MVP] (%=sLocation%)
Date: 05/20/04

• Next message: Tony Proctor: "Re: I suspect memory leak !!"
• Previous message: Aaron Bertrand - MVP: "Re: I suspect memory leak !!"
• In reply to: Jacob: "IIS Remote Content and Kerberos Delegation"
• Next in thread: Jacob: "Re: IIS Remote Content and Kerberos Delegation"
• Reply: Jacob: "Re: IIS Remote Content and Kerberos Delegation"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 20 May 2004 10:25:39 -0400

I think your issue has to do with lack of tokens based on your authenticion.
(I'm not expert at this stuff though.)

Read these two interesting articles and make sure that you're using an
authentication method that will send kerberos tokens.

http://support.microsoft.com/?kbid=287537
http://support.microsoft.com/?kbid=264921

Ray at work

"Jacob" <jacobl@globalknowledgeconsultants.com> wrote in message
news:2369d983.0405192359.6af1899d@posting.google.com...
> Hello All,
> I am trying to serve out some content via IIS that is hosted on a
> remote fileserver, and am unable to get the delegation working
> correctly. Our setup is as follows:
>
> 2) Then I changed the '\webtest' virtual dir to use passthrough
> authentication, connecting as the authenticated user accessing the
> website. I browsed to the URL again (after closing the browser to
> clear the cache first). I immediately got a userid/password challenge
> dialog, into which I entered the credentials for 'MYDOMAIN\joeuser'.
> They weren't accepted and I was challenged 3 times in total before IIS
> finally came back with an 'HTTP 401.3 - Unauthorized: Access is denied
> due to an ACL set on the requested resource' error.

---

• Next message: Tony Proctor: "Re: I suspect memory leak !!"
• Previous message: Aaron Bertrand - MVP: "Re: I suspect memory leak !!"
• In reply to: Jacob: "IIS Remote Content and Kerberos Delegation"
• Next in thread: Jacob: "Re: IIS Remote Content and Kerberos Delegation"
• Reply: Jacob: "Re: IIS Remote Content and Kerberos Delegation"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Cant make a domain user the "anonymous access" user ... When dealing with authentication issues it is VERY important to ... Some of the things you claim is not consistent with a default IIS ... If you use a browser that cannot do NTLM, by definition, a 401.2 error is ... user account that works and your domain account that does not. ... (microsoft.public.inetserver.iis.security) Re: client gets always every first time for every page a 401 ... cause the browse will always try anonymous access first. ... How IIS Authenticates Browser Clients ... > I have an issue with the basic authentication from IIS. ... (microsoft.public.inetserver.iis.security) RE: logout a browser under integrated security ... due to the browser. ... but not server ... >server by using Basic or NTLM authentication, ... >IIS Authenticates Browser Clients" ... (microsoft.public.inetserver.iis.security) Re: NT Authentication with ASP ... Without credentials, IIS will assume anonymous access. ... If Anonymous authentication is enabled, ... unless the browser has already authenticated. ... (microsoft.public.inetserver.asp.general) Re: a WWW-Authenticate header field that the server is not configu ... "Web browser is sending a WWW-Authenticate header field that the Web ... Read the IIS documentation on how to set up Client Certificate ... and if you turn off all IIS Authentication Methods as well as ... "Web browser is sending a WWW-Authenticate header field that the Web ... (microsoft.public.inetserver.iis.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)