Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / IIS / IIS Security / February 2006

Tip: Looking for answers? Try searching our database.

Application Pool without Anonymous Access

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
yonido@gmail.com - 23 Feb 2006 07:27 GMT
Hello

I want to create a WebService which belongs to a custom application
pool & doesnt allow anonymous access.

I created a user Named "TestUser", and added it to the IIS_WPG group.
Then i created a new application pool "TestAppPool" which is run by
TestUser & Created a WebService that runs under "TestAppPool". At this
stage everything works.

However, when i uncheck "Allow Anoymous Access" - accessing the
service.asmx page works only from the local computer. From a remote
station - accessing "http://myserver/myapp/service.asmx" requires
entering a username & password (which is exactly what i want) - but any
user & pass i try to enter fails.

Please note that if i change the AppPool's user to "Network Service"
(or any other "Built in" account) it works - i can login with any
active directory user.

What's wrong?
Reply to this Message
yonido@gmail.com - 23 Feb 2006 07:37 GMT
I re-tested it & if i enter the LOCAL MACHINE's administrator - when
accessing from a remote computer - it does work - but I want to allow
any domain user to log in.

Also forgot to mention that i added NTFS read access to the all the
domain users on the directory, and also tested this with a simple html
document - so its not asp.net related.
Reply to this Message
Ken Schaefer - 23 Feb 2006 09:21 GMT
Does the user account being used to run the app pool have "impersonate a
user after authetication" user right. I believe that is the user right
that's needed (I could be wrong though). Check in the local security policy
of the server.

Cheers
Ken

:I re-tested it & if i enter the LOCAL MACHINE's administrator - when
: accessing from a remote computer - it does work - but I want to allow
[quoted text clipped - 3 lines]
: domain users on the directory, and also tested this with a simple html
: document - so its not asp.net related.
Reply to this Message
yonido@gmail.com - 23 Feb 2006 09:33 GMT
yeah, "Impersonate a client after authentication" is granted to
IIS_WPG, which my user belongs to...

so thats not the problem.

update: the problem happens only if i run the AppPool with a domain
user, any other local user works if he's in IIS_WPG.
Reply to this Message
yonido@gmail.com - 23 Feb 2006 11:15 GMT
problem fixed - read:

http://support.microsoft.com/default.aspx?scid=kb;en-us;871179
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2010 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.