-1

We have a website (internal) that is using Windows auth. Currently in IIS we have pass-through turned on. In order for users to connect to the site we have had to provide access to everyone in NTFS permissions or we get an error reading the web config.

To get around this we have created a local user account on the server and given it read/execute permissions for the directory, and in IIS set this account as the app pool user identity. When a user tries to connect to the site they are prompted to enter credentials.

Is there a way to have the application access the directory using the local user we created without prompting for credentials? Also, if we set physical path credentials to a local user and leave Windows auth on for the site, is it still possible to get the actual user's identity from within the application?

jfin3204

1 Answer

0

What you need to do is add a new IIS AppPool identity, not a new system user, and give this new identity full control on the website dir root. (http://technet.microsoft.com/en-us/library/cc731784%28v=ws.10%29.aspx)

  1. Open IIS Manager.

  2. In the Connections pane, expand the server node and click Application Pools.

  3. On the Application Pools page, in the Actions pane, click Add Application Pool.

  4. On the Add Application Pool dialog box, type a friendly name for the application pool in the Name box.

  5. From the .NET Framework version list, select the version of the .NET Framework required by your managed applications, modules, and handlers. Or select No Managed Code if the applications that you run in this application pool do not require the .NET Framework.

  6. From the Managed pipeline mode list, select one of the following options:

    • Integrated, if you want to use the integrated IIS and ASP.NET request-processing pipeline.

    • Classic, if you want to use IIS and ASP.NET request-processing modes separately. In classic mode, managed code is processed by using Aspnet_isapi.dll instead of the IIS 7 integrated pipeline.

  7. Select Start application pool immediately to start the application pool whenever the WWW service is started. By default, this is selected.

  8. Click OK.

More about Application Pool Identities: http://www.iis.net/learn/manage/configuring-security/application-pool-identities

joshlfisher
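The steps in the answer above, scripted with the WebAdministration module. This is an added example, not code from either poster; the pool name, site name and path are placeholders, and it grants read/execute (the rights named in the question) rather than full control, which should only be widened if the application writes to the directory.

```powershell
# Added example: every name and path below is a placeholder, not a value from the post.
# Run from an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$poolName = 'IntranetPool'          # hypothetical application pool name
$siteName = 'IntranetSite'          # hypothetical existing IIS site
$sitePath = 'D:\inetpub\intranet'   # hypothetical physical path of that site

# Steps 3-7 of the answer: create the pool, then set runtime, pipeline mode and auto-start.
if (-not (Test-Path "IIS:\AppPools\$poolName")) {
    New-WebAppPool -Name $poolName | Out-Null
}
Set-ItemProperty "IIS:\AppPools\$poolName" -Name managedRuntimeVersion -Value 'v4.0'
Set-ItemProperty "IIS:\AppPools\$poolName" -Name managedPipelineMode -Value 'Integrated'
Set-ItemProperty "IIS:\AppPools\$poolName" -Name autoStart -Value $true

# Run the worker process as the pool's virtual account (IIS AppPool\<pool name>)
# instead of a local user account with a stored password.
Set-ItemProperty "IIS:\AppPools\$poolName" -Name processModel.identityType -Value 'ApplicationPoolIdentity'

# Assign the site to the new pool.
Set-ItemProperty "IIS:\Sites\$siteName" -Name applicationPool -Value $poolName

# Grant the virtual account read/execute on the site root, inherited by files and
# subfolders. The pool must already exist so that the account name resolves.
$acl  = Get-Acl -Path $sitePath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "IIS AppPool\$poolName", 'ReadAndExecute',
    'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $sitePath -AclObject $acl

# Review the result: list who can reach the directory, so leftover broad grants
# (for example an Everyone entry added as a workaround) are visible and can be removed.
(Get-Acl -Path $sitePath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```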