IIS ARR pass-through Windows authentication does not work


I finally found a solution for us:

Since we don't have the requirement for "multi-hop" authentication (= Kerberos), I was able to force NTLM. On the web server, under Authentication (site), I changed the providers for Windows Authentication and removed everything but NTLM. So NTLM is the only available way for authentication.

On the ARR I changed everything back to the original settings and enabled anonymous access only. Then ARR is able to pass-through the authentication to the web server.

In my opinion Microsoft has a bug in the Kerberos handling, and it does not depend on whether the authentication is processed in the kernel or by the ARR.
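The two configuration changes described in the answer above, scripted with the WebAdministration module as an added example (not code from the original post). The script name `Set-ArrPassThroughAuth.ps1`, the `-Role` switch values and the site names are hypothetical; with NTLM as the only provider the backend cannot use Kerberos, which the answer states is not required there.

```powershell
# Set-ArrPassThroughAuth.ps1 (hypothetical name). Run elevated on each server.
#   Backend web server:  .\Set-ArrPassThroughAuth.ps1 -Role Backend -Site 'BackendSite'
#   ARR server:          .\Set-ArrPassThroughAuth.ps1 -Role Arr -Site 'Default Web Site'
# Site names above are placeholders, not values from the original post.
param(
    [Parameter(Mandatory)][ValidateSet('Backend', 'Arr')][string]$Role,
    [Parameter(Mandatory)][string]$Site
)
Import-Module WebAdministration

$auth = 'system.webServer/security/authentication'
# The authentication sections are locked at server level by default, so the
# change is written to applicationHost.config under a <location> for the site.
$target = @{ PSPath = 'MACHINE/WEBROOT/APPHOST'; Location = $Site }

function Get-Providers {
    # Effective Windows Authentication providers for the site, in order.
    (Get-WebConfiguration @target -Filter "$auth/windowsAuthentication/providers").Collection |
        ForEach-Object { $_.value }
}

if ($Role -eq 'Backend') {
    # Web server: Windows Authentication on, every provider except NTLM removed.
    Set-WebConfigurationProperty @target -Filter "$auth/windowsAuthentication" -Name enabled -Value $true
    foreach ($p in @(Get-Providers | Where-Object { $_ -ne 'NTLM' })) {
        Remove-WebConfigurationProperty @target -Filter "$auth/windowsAuthentication/providers" `
            -Name '.' -AtElement @{ value = $p }
    }
    if ((Get-Providers) -notcontains 'NTLM') {
        Add-WebConfigurationProperty @target -Filter "$auth/windowsAuthentication/providers" `
            -Name '.' -Value @{ value = 'NTLM' }
    }
    # Read back the result so the change can be checked; expect only NTLM.
    "Providers on '$Site': $((Get-Providers) -join ', ')"
}
else {
    # ARR server: anonymous access only, so the NTLM handshake is relayed to
    # the backend instead of being answered by ARR itself.
    Set-WebConfigurationProperty @target -Filter "$auth/anonymousAuthentication" -Name enabled -Value $true
    Set-WebConfigurationProperty @target -Filter "$auth/windowsAuthentication" -Name enabled -Value $false
    foreach ($s in 'anonymousAuthentication', 'windowsAuthentication') {
        $on = (Get-WebConfigurationProperty @target -Filter "$auth/$s" -Name enabled).Value
        "$s enabled on '$Site': $on"
    }
}
```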

Author by

Arsenio Aguirre

Updated on September 18, 2022

Comments

  • Arsenio Aguirre over 1 year

    I am creating a web application. I have enabled the login with Google OpenID Connect and it is working. Now I want to protect the resources (REST API) with the access_token, but I am not finding how to pass a custom audience (https://api.myapp.com) and custom scopes (read:users add:users) to create the access_token. Is it possible to create a custom audience and scope with Google OpenID Connect to protect my resources?

    If I don't validate the access_token (audience and scopes) I can compromise my web application.

    See the below image.

    Thanks in advance.

    Regards, Arsenio

    • BE77Y about 9 years
      Can you list the things you have tried, please?