I’m having trouble with Windows Authentication in IIS7 and am really in despair now.
We have an ASP.NET 4 application deployed on an IIS server with Windows Authentication enabled. When the client machine performs a request to the website, the Windows authentication pop-up appears (expected behavior).
However, after I authenticate using a valid credential, IIS doesn’t work under the provided credential. (I know this because the connection to the database server failed with the following message: “Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON’”. Impersonation authentication is also turned on.)
I think that the issue lies in the configuration in IIS, because when I tried to authenticate using an invalid credential, the client Windows authentication pop-up persists and prompts me for another try.
The interesting phenomenon is this: when I remote into the IIS server, open IE, and fill in the address in the form of “http://localhost…”, the authentication pop-up does not appear, but it automatically takes my credential and works perfectly.
Yet, once again, when I try “http://10.16.9.99…” (IP address of the machine) or “http://iissrv…” (machine name), the same issue occurs: the Windows authentication form appears, and after I enter the valid credential, the application is not run under the provided credential.
I’m really desperate now. Do any of you have experience with this case? Any advice now is invaluable to me :<
Your setup is a typical two-hop scenario. You need to Google for delegation IIS. You should be able to find a ton of documents teaching you how to set it up.
What’s a two-hop scenario? A person logs on to a workstation machine using his Windows credentials. It authenticates to a server machine, which is usually an IIS server. Then, the IIS server impersonates the client credentials and talks to another back-end server on behalf of the end user, which is usually a database machine.
The capability of impersonating a client’s credentials and then using the impersonated credentials to talk to another server is a very high privilege. It’s called delegation.
To allow delegation to happen on the server side, you need to make sure of three things
Google more and you should be able to find the details to set things up properly. Here is one of the links that I found
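A way to confirm from inside the application that the second hop is what fails, as an added example that is not part of the original answer: a diagnostic handler for the ASP.NET application that reports the identity IIS authenticated, the identity the thread runs as, and whether that token is delegatable. The handler name `WhoAmI` and its file name are hypothetical.

```csharp
// WhoAmI.ashx.cs - hypothetical diagnostic handler (added example, not from the thread).
// Request it from a remote client and again from the IIS server itself, then compare.
// It discloses account names, so remove it once troubleshooting is done.
using System;
using System.Security.Principal;
using System.Text;
using System.Web;

public class WhoAmI : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        var sb = new StringBuilder();

        // First hop: the identity IIS authenticated for this request.
        IIdentity user = context.User.Identity;
        sb.AppendLine("Request user:        " + user.Name);
        sb.AppendLine("Authenticated:       " + user.IsAuthenticated);
        sb.AppendLine("Auth package:        " + user.AuthenticationType);

        // The identity the worker thread runs as. With impersonation on this is
        // the caller's token; with it off it is the application pool account.
        WindowsIdentity thread = WindowsIdentity.GetCurrent();
        sb.AppendLine("Thread identity:     " + thread.Name);
        sb.AppendLine("Impersonation level: " + thread.ImpersonationLevel);
        sb.AppendLine(Explain(user.AuthenticationType, thread.ImpersonationLevel));

        context.Response.ContentType = "text/plain";
        context.Response.Write(sb.ToString());
    }

    // Maps the token's properties to what they mean for the hop to the database.
    static string Explain(string package, TokenImpersonationLevel level)
    {
        if (level == TokenImpersonationLevel.Delegation)
            return "Token is delegatable: the second hop can carry the user's identity.";
        if (level == TokenImpersonationLevel.None)
            return "Thread is not impersonating: outbound calls use the process account.";
        if (string.Equals(package, "NTLM", StringComparison.OrdinalIgnoreCase))
            return "NTLM logon: cannot be delegated to a second server.";
        // Impersonation (or lower) is usable on the IIS machine only; a remote
        // server sees the connection as NT AUTHORITY\ANONYMOUS LOGON.
        return "Token is local-only: the second hop will arrive as anonymous.";
    }
}
```

If a remote request shows an impersonation level of `Impersonation` rather than `Delegation`, the database login error from the question is the expected result until delegation is configured.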