I have a requirement to have a website running as a service account for IP reasons. I also want to be able to use AzMan for Auth/Auth of the users. For some reason I can't seem to get these working together. I have set up a sample app to test the waters that basically spits out some user credentials. Other than AzMan and the web config setup, the app has no integration code (no logging/DB/Webservice interaction); it's a one-pager.
Running the app pool under the network service account with the Anon access denied I get:
Windows Identity Check - Name: 'NT AUTHORITY\NETWORK SERVICE'
Request.LogonUserIdentity.Name = 'CT\rhyc'
HttpContext.User.Identity.Name = 'CT\rhyc'
User.Identity.Name = 'CT\rhyc'
Is in UserRole = 'True'
...which is all good, everything is working; however, the service account is Network Service, not the service account I am supposed to be using. If I switch the account to the service account I get the pop-up window asking for user credentials (which I don't want, it should be single sign-on); however, I was getting these credentials passed down in the previous setup (ct/rhyc).
There has been a setspn command run for the web site (apparently), but I don't really know what SPN does, let alone know how to check it. Also, if I allow anon access with the app pool running the service account then I get:
Windows Identity Check - Name: 'CT\SVC-PERAT2-T2DEV'
Request.LogonUserIdentity.Name = 'PERAT2NTAH3WD1\CVX_IUSR'
HttpContext.User.Identity.Name = ''
User.Identity.Name = ''
Is in UserRole = 'False'
Sorry guys, I'm an IIS n00b; it is not normally something I would do, however our admins don't seem to know much about IIS so it's left to me.. :(