Authentication, Authorization... what's the difference? Actually, a whole lot, as you can read in the following...
I need to authenticate users agains an Active Directory (or rather ADAM)...
I've red about a new feature in IIS 6.0: URL Authentication and I did manage to set-up a situation where users are authenticated by use of LDAP query: (&(objectCategory=user)(CN=*)))
But, now comes the stange part, only users logged-in on the server where IIS is configured are authenticated correctly. For example:
- IIS/URL Authentication is configured at server Server1 to protect virtual directory /URLTest.
- When user 'admin' is logged in Server1, he is able to go to http://localhost/URLTest
- When user 'test' is logged in Server1, he is also able to go to the url above,
- When users 'admin' or 'test' are logged-in on another server, they are not able to navigate to Server1/URLTest because they cannot be authenticated...
What is wrong?
The problem is that "URL Authentication" does not exist.
The feature is actually called "URL Authorization". Authorization (i.e. what can a user do?) is totally different than Authentication (i.e. what user are you?)
"URL Authorization" takes effect AFTER Authentication completes, since you need to know WHO the user is before trying to determine WHAT the user is authorized to do.
Since you say you cannot authenticate to this server when logged into a remote machine, what you configured for "URL Authorization" is not involved at all.
Your problem has to do with why those users cannot authenticate from a remote machine. The best way is to look at the IIS web log entries for these remote access attempts to see what is wrong. I suggest reading this blog entry.