Introducing Integrated Windows Authentication
To configure Integrated Windows Authentication, you need to be a member of the Administrators group on the local computer or you should be delegated the appropriate authority. As a security best practice, use an account that is not in the Administrator's group to log on to your computer. Then use the Run As command to run IIS Manager as an administrator. In the command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Websites in different worker processes that run under different identities can be isolated. IIS may behave in a different way, if Integrated Windows Authentication is used. Integrated Windows Authentication tries to use Kerberos, a network authentication protocol, which might not work, depending upon the identity of the worker process.
The use of
Kerberos authentication fails in two cases. They are:
1. Kerberos authentication fails when websites are isolated on a virtual directory level, by configuring worker process identities as different domain accounts.
2. If you want to use a local user account or a LocalService account as a worker process identity, when using Integrated Windows Authentication and not using a Windows Internet Name Service (WINS) or Domain Name System (DNS) name for the server that runs the IIS, Kerberos authentication fails as Active Directory does not trust the accounts.
When Kerberos authentication fails, you can force the IIS to use NTLM authentication. To do this, set the NTAuthenticationProviders metabase property to NTLM.
to our mailing list and receive new articles
through email. Keep yourself updated with latest
developments in the industry.
: We never rent, trade, or sell my email lists to
anyone. We assure that your privacy is respected
Visit .NET Programming Tutorial Homepage