April 30th, 2013, 02:15 AM
IIS 7.5 Windows Authentication fails unless the code files are shared to end users
I’m setting up a simple Classic ASP application, to read the user login using Windows Authentication, in IIS 7.5 on a Windows 2008 R2 Server.
(The application is just one file and has this line - response.write(Request.ServerVariables("LOGON_USER")) )
But I’m unable to read the user’s login information unless the code files (application directory) are given Read & Execution permissions to the specific person or ‘Everyone’.
If I remove ‘Everyone’ or the end user’s ID, I’m prompted with a login pop-up, which subsequently takes me to the 401 - Unauthorized error.
I have the following settings applied in IIS:
Set the Application Pool’s identity to ‘ApplicationPoolIdentity’
Enabled Windows Authentication and disabled all other Authentications.
Moved ‘NTLM’ to top on the Providers under Windows Authentication.
Set the Impersonate User to False in CGI
Added ‘IIS AppPool\DefaultAppPool’ to the Security properties of the application directory.
I’m confused why IIS 7.5 web applications with Windows Authentication need end users or ‘Everyone’ to have read access to the code files.
Please suggest your views to resolve this problem and help me run this application without the folders being shared with the end users.
Thanks in advance,
Did you solve this? I've been absent for a while.
I haven't spent any time with IIS 7.5 and don't know any definite solutions, but as a guess, make sure the other user accounts that IIS may use (IWAM_, etc.) have proper permissions to the files in question. Just a wild guess though.
"I've never been able to appreciate the sublime arrogance of folks who feel they were put on earth just to save other folks from themselves .." - Donald Hamilton