URL Authentication IIS 6.0

I need to authenticate users agains an Active Directory (or rather
ADAM)...

I've red about a new feature in IIS 6.0: URL Authentication and I did
manage to set-up a situation where users are authenticated by use of
LDAP query: (&(objectCategory=user)(CN=*)))

But, now comes the stange part, only users logged-in on the server
where IIS is configured are authenticated correctly.
For example:
IIS/URL Authentication is configured at server Server1 to protect
virtual directory /URLTest.
When user 'admin' is logged in Server1, he is able to go to
http://localhost/URLTest
When user 'test' is logged in Server1, he is also able to go to the url
above,

When users 'admin' or 'test' are logged-in on another server, they are
not able to navigate to Server1/URLTest because they cannot be
authenticated...

What is wrong?

Re: URL Authentication IIS 6.0

Are the servers part of the same domain? If they don't that is the problem,
admin and/or guest in server1 cannot be authenticated in server2 because
they are different systems or security scope.

Marcelo V.

wrote in message
news:1161182610.077861.136090@e3g2000cwe.googlegroups.com...
> I need to authenticate users agains an Active Directory (or rather
> ADAM)...
>
> I've red about a new feature in IIS 6.0: URL Authentication and I did
> manage to set-up a situation where users are authenticated by use of
> LDAP query: (&(objectCategory=user)(CN=*)))
>
> But, now comes the stange part, only users logged-in on the server
> where IIS is configured are authenticated correctly.
> For example:
> IIS/URL Authentication is configured at server Server1 to protect
> virtual directory /URLTest.
> When user 'admin' is logged in Server1, he is able to go to
> http://localhost/URLTest
> When user 'test' is logged in Server1, he is also able to go to the url
> above,
>
> When users 'admin' or 'test' are logged-in on another server, they are
> not able to navigate to Server1/URLTest because they cannot be
> authenticated...
>
> What is wrong?
>

Re: URL Authentication IIS 6.0

Thanks for your reply.
The servers are indeed part of the same domain...
So this can not be the problem...

Rick O.

Marcelo Villal=F3n schreef:

> Are the servers part of the same domain? If they don't that is the proble=
m,
> admin and/or guest in server1 cannot be authenticated in server2 because
> they are different systems or security scope.
>
> Marcelo V.
>
> wrote in message
> news:1161182610.077861.136090@e3g2000cwe.googlegroups.com...
> > I need to authenticate users agains an Active Directory (or rather
> > ADAM)...
> >
> > I've red about a new feature in IIS 6.0: URL Authentication and I did
> > manage to set-up a situation where users are authenticated by use of
> > LDAP query: (&(objectCategory=3Duser)(CN=3D*)))
> >
> > But, now comes the stange part, only users logged-in on the server
> > where IIS is configured are authenticated correctly.
> > For example:
> > IIS/URL Authentication is configured at server Server1 to protect
> > virtual directory /URLTest.
> > When user 'admin' is logged in Server1, he is able to go to
> > http://localhost/URLTest
> > When user 'test' is logged in Server1, he is also able to go to the url
> > above,
> >
> > When users 'admin' or 'test' are logged-in on another server, they are
> > not able to navigate to Server1/URLTest because they cannot be
> > authenticated...
> >
> > What is wrong?
> >

Re: URL Authentication IIS 6.0

The problem is that "URL Authentication" does not exist.

The feature is actually called "URL Authorization". Authorization (i.e.
what can a user do?) is totally different than Authentication (i.e.
what user are you?)

"URL Authorization" takes effect AFTER Authentication completes, since
you need to know WHO the user is before trying to determine WHAT the
user is authorized to do.

Since you say you cannot authenticate to this server when logged into a
remote machine, what you configured for "URL Authorization" is not
involved at all.

Your problem has to do with why those users cannot authenticate from a
remote machine. The best way is to look at the IIS web log entries for
these remote access attempts to see what is wrong.

http://blogs.msdn.com/david.wang/archive/2005/12/31/HOWTO_Ba sics_of_IIS6_Troubleshooting.aspx



//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



r.oosterholt@gmail.com wrote:
> I need to authenticate users agains an Active Directory (or rather
> ADAM)...
>
> I've red about a new feature in IIS 6.0: URL Authentication and I did
> manage to set-up a situation where users are authenticated by use of
> LDAP query: (&(objectCategory=user)(CN=*)))
>
> But, now comes the stange part, only users logged-in on the server
> where IIS is configured are authenticated correctly.
> For example:
> IIS/URL Authentication is configured at server Server1 to protect
> virtual directory /URLTest.
> When user 'admin' is logged in Server1, he is able to go to
> http://localhost/URLTest
> When user 'test' is logged in Server1, he is also able to go to the url
> above,
>
> When users 'admin' or 'test' are logged-in on another server, they are
> not able to navigate to Server1/URLTest because they cannot be
> authenticated...
>
> What is wrong?

Re: URL Authentication IIS 6.0

David, thanks a lot!

That finally helped me. Now I know I need another solution for my
Authentication (which I was really looking for; thus not
Authorization)...

Thanks again,
Rick O.

David Wang schreef:

> The problem is that "URL Authentication" does not exist.
>
> The feature is actually called "URL Authorization". Authorization (i.e.
> what can a user do?) is totally different than Authentication (i.e.
> what user are you?)
>
> "URL Authorization" takes effect AFTER Authentication completes, since
> you need to know WHO the user is before trying to determine WHAT the
> user is authorized to do.
>
> Since you say you cannot authenticate to this server when logged into a
> remote machine, what you configured for "URL Authorization" is not
> involved at all.
>
> Your problem has to do with why those users cannot authenticate from a
> remote machine. The best way is to look at the IIS web log entries for
> these remote access attempts to see what is wrong.
>
> http://blogs.msdn.com/david.wang/archive/2005/12/31/HOWTO_Ba sics_of_IIS6_Troubleshooting.aspx
>
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
> r.oosterholt@gmail.com wrote:
> > I need to authenticate users agains an Active Directory (or rather
> > ADAM)...
> >
> > I've red about a new feature in IIS 6.0: URL Authentication and I did
> > manage to set-up a situation where users are authenticated by use of
> > LDAP query: (&(objectCategory=user)(CN=*)))
> >
> > But, now comes the stange part, only users logged-in on the server
> > where IIS is configured are authenticated correctly.
> > For example:
> > IIS/URL Authentication is configured at server Server1 to protect
> > virtual directory /URLTest.
> > When user 'admin' is logged in Server1, he is able to go to
> > http://localhost/URLTest
> > When user 'test' is logged in Server1, he is also able to go to the url
> > above,
> >
> > When users 'admin' or 'test' are logged-in on another server, they are
> > not able to navigate to Server1/URLTest because they cannot be
> > authenticated...
> >
> > What is wrong?