<p>I wrote a small app to display the current user's network username grabbed from several different places such as <code>Page.User.Identity.Name</code>. I also grabbed information about the domain user using a couple different methods for querying Active Directory. All this to validate the following.</p>
<p>I have found two primary modes for running your application using Windows Authentication, which is primarily used in an Intranet environment according to my research. Here are the minimum essential elements of the configurations:</p>
<p><strong>Classic Mode</strong></p>
<ul>
<li>AppPool - Managed Pipeline set to Classic mode.</li>
<li>AppPool - Identity set to Network Service.</li>
<li>Authentication - Disabled: Anonymous Authentication</li>
<li>Authentication - Enabled: ASP.NET Impersonation</li>
<li>Authentication - Enabled: Windows Authentication</li>
<li>Providers - Disabled: Kerberos</li>
<li>Advanced Settings - Kernel Mode: Either</li>
</ul>
<p><strong>Integrated Mode</strong></p>
<ul>
<li>AppPool - Managed Pipeline set to Integrated mode.</li>
<li>AppPool - Identity set to Network Service.</li>
<li>Authentication - Disabled: Anonymous Authentication</li>
<li>Authentication - Disabled: ASP.NET Impersonation</li>
<li>Authentication - Enabled: Windows Authentication</li>
<li>Providers - Enabled: Kerberos</li>
<li>Advanced Settings - Kernel Mode: Disabled</li>
</ul>
<p><strong>Now here's the kicker!!</strong></p>
<p>If you want to use Integrated mode (which is ideal as it yields much more functionality, and well, integration) you will need to have enabled Delegation. Here are a couple must-read articles to understand the basics of <a href="http://technet.microsoft.com/library/ee191523.aspx">Delegation</a>, and by extension <a href="http://msdn.microsoft.com/en-us/library/ms191153%28v=sql.105%29.aspx">Dynamic SPN Registration</a>. Since this gets into more Kerberos and security considerations than you probably care to delve into, it might be easier to just stick with Classic mode where all you have to do is enable Impersonation and call it a day; or else cheat and disable <code>validateIntegratedModeConfiguration</code>. :P</p>
<p>I hope this helps someone out there on the interwebz. Cheers! :)</p>
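
The two profiles listed in the answer above, expressed as a read-only PowerShell audit of a site (an added example, not part of the original answer). It assumes an elevated session on the IIS host with the WebAdministration module, a hypothetical `$SiteName` parameter, and that "Kerberos" in the answer corresponds to the Negotiate / Negotiate:Kerberos providers.

```powershell
# Added example: reads settings only, changes nothing.
# Assumptions: $SiteName and the output field names are illustrative.
param([string]$SiteName = 'Default Web Site')
Import-Module WebAdministration

$path = "IIS:\Sites\$SiteName"
$auth = 'system.webServer/security/authentication'

# Effective value of one configuration attribute at site level.
function Get-Setting([string]$Filter, [string]$Name) {
    (Get-WebConfigurationProperty -PSPath $path -Filter $Filter -Name $Name).Value
}

$pool = Get-Item "IIS:\AppPools\$((Get-Item $path).applicationPool)"

# Assumption: "Kerberos" in the answer means a provider whose name starts with Negotiate.
$providers = (Get-WebConfiguration -PSPath $path `
    -Filter "$auth/windowsAuthentication/providers").Collection | ForEach-Object { $_.Value }

$state = [pscustomobject]@{
    Pipeline      = [string]$pool.managedPipelineMode
    PoolIdentity  = [string]$pool.processModel.identityType
    Anonymous     = Get-Setting "$auth/anonymousAuthentication" 'enabled'
    Windows       = Get-Setting "$auth/windowsAuthentication" 'enabled'
    KernelMode    = Get-Setting "$auth/windowsAuthentication" 'useKernelMode'
    Impersonation = Get-Setting 'system.web/identity' 'impersonate'
    Negotiate     = [bool]($providers -match '^Negotiate')
    ValidationOn  = Get-Setting 'system.webServer/validation' 'validateIntegratedModeConfiguration'
}

$findings = @()
if ($state.Anonymous)    { $findings += 'Anonymous Authentication is enabled; both profiles disable it.' }
if (-not $state.Windows) { $findings += 'Windows Authentication is disabled; both profiles enable it.' }
if ($state.PoolIdentity -ne 'NetworkService') {
    $findings += "AppPool identity is $($state.PoolIdentity); the answer uses Network Service."
}
if ($state.Pipeline -eq 'Classic') {
    if (-not $state.Impersonation) { $findings += 'Classic profile expects ASP.NET Impersonation enabled.' }
    if ($state.Negotiate)          { $findings += 'Classic profile expects the Kerberos provider disabled.' }
} else {
    if ($state.Impersonation)     { $findings += 'Integrated profile expects ASP.NET Impersonation disabled.' }
    if (-not $state.Negotiate)    { $findings += 'Integrated profile expects the Kerberos provider enabled.' }
    if ($state.KernelMode)        { $findings += 'Integrated profile expects kernel-mode authentication disabled.' }
    if (-not $state.ValidationOn) { $findings += 'validateIntegratedModeConfiguration is off; config validation is suppressed.' }
}

$state      # current settings
$findings   # deviations from the profile matching the pool's pipeline mode
```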
 
