« Previous Next »

• 07-09-2009, 7:47 AM

  kevinkenny Joined on 01-19-2006, 2:14 PM Scotland Posts 7

  Why does my site use the IUSR account when configured for pass-through authentication? Reply Contact I have an IIS7 website that is set to run in its own application pool. The application pool is configured as: Managed Pipeline Mode: Integrated Identity: I_siteuser (account is member of IIS_IUSRS) The website physical path is: d:\websites\testsite\www and the account I_siteuser has modify permissions on the folder. If I set the website to use pass-through authentication I get a security error: HTTP Error 401.3 - Unauthorized If I configure the site to use a specific user (I_siteuser) I can view pages and run scripts just fine. I was under the impression that if I use pass-through authentication then the identity of the application pool would be used (which in this case is configured to run under the identity of I_siteuser). This seems not to be the case and the identity that the site runs under is actually the built-in account IUSR. I verified this by adding read/exec rights to the website folder for IUSR. Is there another setting I'm missing here? I also enabled Basic Authentication and Windows Authentication on the site but this just causes login dialogues to appear. Thanks for looking. Kevin

  Tags: securityconfiguration

• 07-10-2009, 10:45 AM

  In reply to

  jeff@zina.com Joined on 09-26-2003, 10:43 AM Naples, FL, USA Posts 2,103

  Re: Why does my site use the IUSR account when configured for pass-through authentication? Reply Contact Passthrough authentication passes through whatever account is logged in to the web site, the Windows user account for example, not the app pool account.  The login dialog appears because your browser won't pass credentials to an untrusted site.  Add your site to the Intranet security zone in your browser to skip the lgin dialog. Jeff Look for Wrox's new book Professional IIS 7 in your local bookstore, or order now at Amazon.com