Hi,
I've see many messages and questions, some with solutions, but none seems to work for me...
In our website (IIS 7.5), we have an extra application, running on a separate application pool. The idea is that this pages should work only for a specific domain-group.
The settings of the application pool are 'Managed pipeline mode' Classic (can't really remember why this was, but I don't think it was allowed to be changed to Integrated ; however this application is a third party solution, so I don't have much details on it), running as the ApplicationPoolIdentity ; LoadUserProfile set to true
Then application itself has Pass-through authentication (test settings doesn't work).
Only when I set the ntfs-permissions on the folder for the IIS_IUSRS the index page opens, otherwise I always get a form asking for credentials, and it doesn't even let me through when I enter the credentials (401.3 ACL Errors).
Another option would be to allow IIS_IUSRS on ntfs level, and modify the web.config settings to set the authorisation to the specific group (via allow roles) ; but this doesn't work either. I tried adding Connection strings and providers to the domain, but nothing of this works ...
Is there a way to have the credentials really passed-through to the ntfs-settings? I'm really clueless at the moment how it needs to be done... (I would also need this for a folder in the 'default website', but this is less critical at the moment...)
I also tried to modify some settings in applicationHost.config based on several solutions found on the internet ; but without success, sometime a difference in behaviour, but nothing more than that ... (in the serverRuntime tag worked with and without authenticatedUserOverride="UseAuthenticatedUser" ; in the WindowsAuthentication-tag added and removed useAppPoolCredentials="true")
If anyone have some ideas what I should do, please let me know...
(However I'll start with the weekend first :))
TIA,
Alain