The problem is trying to get Windows 2003 Server, IIS6, and Active Directory to coexist peacefully.
I have IIS6 set up to use the Network Service account for the DefaultAppPool, and Integrated Windows Authentication is the only authentication method checked under Authentication and access control for the web application.
In the Web.config file of the web application I have the following settings:
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
  <allow users="*"/>
</authorization>
So far so good.
This web app is running on Windows 2003 Server with Service Pack 1.
So now, in order for the user to view Active Directory, I need to allow delegation for Kerberos authentication.
So I open up Active Directory Users and Computers,
find the server that hosts my intranet web app,
go to the Delegation tab, and select "Trust this computer for delegation to any service (Kerberos only)".
Now I use the setspn utility to register www LDAP HOST SPNs for the server.
Now the server is ready to delegate.
P.S. The domain is functioning as a Windows 2003 domain.
Now this is the problem:
When a user on an XP machine views the intranet, the Active Directory information is accessible.
When I try to view the intranet on another Windows 2003 / 2000 machine, it does not allow my credentials to be passed to Active Directory so I can query it.
The web app is written on the .NET Framework and I query Active Directory using classes and methods of the System.DirectoryServices namespace.
Any ideas or help?
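
The Delegation tab choice and the setspn registrations described in the post above are stored on the computer account in the userAccountControl, msDS-AllowedToDelegateTo and servicePrincipalName attributes. The Python below is an added example, not part of the original post: it reads an LDIF export of computer accounts and reports each account's delegation mode. The sample records, host names and domain are constructed, and it assumes plain-text (not base64) attribute values.

```python
# Added example: classify Kerberos delegation settings from an LDIF export.
UAC_TRUSTED_FOR_DELEGATION = 0x80000            # "any service (Kerberos only)"
UAC_TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # "use any authentication protocol"

# Constructed sample export (hypothetical hosts and domain).
SAMPLE_LDIF = """\
dn: CN=WEB01,OU=Servers,DC=example,DC=local
userAccountControl: 528384
servicePrincipalName: HOST/web01.example.local
servicePrincipalName: HTTP/web01.example.local

dn: CN=APP02,OU=Servers,DC=example,DC=local
userAccountControl: 4096
servicePrincipalName: HOST/app02.example.local
msDS-AllowedToDelegateTo: ldap/dc01.example.local
"""

def parse_ldif(text):
    """Yield one dict of lower-cased attribute -> list of values per record."""
    record, last = {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():                    # blank line ends a record
            if record:
                yield record
            record, last = {}, None
        elif line.startswith(" ") and last:     # folded continuation line
            record[last][-1] += line[1:]
        elif ": " in line and not line.startswith("#"):
            key, value = line.split(": ", 1)
            last = key.lower()
            record.setdefault(last, []).append(value.strip())

def delegation_mode(record):
    """Map the account's attributes to the choice shown on the Delegation tab."""
    uac = int(record.get("useraccountcontrol", ["0"])[0])
    targets = record.get("msds-allowedtodelegateto", [])
    if uac & UAC_TRUSTED_FOR_DELEGATION:
        return "unconstrained"
    if targets and uac & UAC_TRUSTED_TO_AUTH_FOR_DELEGATION:
        return "constrained (any protocol)"
    return "constrained (Kerberos only)" if targets else "none"

def audit(text):
    """Return {dn: (mode, SPNs, allowed delegation targets)}."""
    return {r["dn"][0]: (delegation_mode(r), r.get("serviceprincipalname", []),
                         r.get("msds-allowedtodelegateto", []))
            for r in parse_ldif(text)}

if __name__ == "__main__":
    for dn, (mode, spns, targets) in audit(SAMPLE_LDIF).items():
        print(dn, "|", mode, "|", spns, "|", targets)
```
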