IIS - Can IIS authenticate users from external AD forests?

Asked By Deane

03-May-08 08:41 PM

My client has three AD forests, each with external trusts to the
others.

He has an IIS Web server in Forest A, which contains Domains A and B.
We have revoked anonymous access to this server, as we need to match
inbound requests with AD users. This is working fine for Domains A and
B (those in the same forest) -- they can authenticate to the Web
server, access files, and the request comes in under their personal AD
accounts.

However, users in Forest B (which contains Domain C) and Forest C
(which contains Domain D) cannot authenticate to this IIS server. They
are prompted for credentials which are never accepted.

It's not an NTFS problem -- we have ensured these users have file-
level permissions to all the files of the Web site.

So, the question is: can an IIS Web server authenticate users from
different AD Forests? If so, is there some magic setting to allow this
that I'm not aware of?

IIS Discussions

IIS
(1)

Kerberos
(1)

Referrals
(1)

Forests
(1)

Trusts
(1)

Ken Schaefer replied...

03-May-08 04:04 AM

How are the clients authenticating?

If using Kerberos, then if you have an external trust, Kerberos referrals
will not work cross-Forest - you need to use a Forest trust instead.

Cheers
Ken

Previous Discussion: Is this possible?

IIS Kerberos issue IIS

IIS Kerberos issue IIS Hi, I've stumbled onto an authentication under by configuration of IIS. I've a web service which calls out to another web service, which are sometimes located on the same box. If they are and Kerberos security is activated then the web services cannot authenticate - no credentials are begin passed - 401 everything works fine. If there anyway to set the authentication protocol in the URL? Cheers IIS Discussions IIS (1) Kerberos (1) Protocols (1) The problem is not with IIS nor Kerberos. You are assuming that

IIS 7.0 problems IIS

IIS 7.0 problems IIS I have installed windows longhorn, I'm trying to install IIS, and I'm getting lots of errors in the installation of the http and security, the only portion that is installed is the FTP. I tried to uninstall IIS and install it back again, never succeeded. I have Directory services, DNS, and I'm trying to install IIS on the server. any ideas ? Thank you so much. IIS Discussions IIS (1) ASP.NET (1) Windows Server (1) ClientCertificateMappingAuthentication (1) IISCertificateMappingAuthentication (1) WebServerManagementTools (1) ManagementScriptingTools (1 build of longhorn are you using? Try installing IIS7 from a command line.http: / / www.iis.net / default.aspx?tabid = 2⊂tabid25&i = 958 - - Steve Schofield Windows Server MVP - IIS ASPInsider

IIS is not physically creating virtual directory but create in IIS IIS

IIS is not physically creating virtual directory but create in IIS IIS Hi, IIS is not Physically Creating Virtual Directory but create in IIS and map to source folder When I am creating in IIS, I am administrator in my system. What may be possible cause of this. I am using IIS 5.1 and Operating System is Win XP Service Pack 2. Regards, Vivek IIS Discussions Visual Studio (1) IIS (1) XP (1) Vivek (1) Directories (1) Directory (1) Creatign

IIS - hang analysis IIS

IIS - hang analysis IIS IIS hangs hosting our application, i have IIS state logs. Can anyone help me with the analysis? url:http: / / www.ureader.com / gp / 1524-1.aspx IIS Discussions IIS (1) Can you post the logs? keywords: IIS, -, hang, analysis description: IIS hangs hosting our application, i have IIS state logs. Can anyone help me with the