aspnet2securityfaq0043

Cancel Edit [WikiEntry.PreviewButtonText] Save
Return to HomePage, ASPNET2SecurityFAQs

Question: When and how do I use Kerberos authentication in ASP.NET 2.0?

Answer:


If all your computers are in a Windows Server 2000 or later domain and your clients are using Internet Explorer version 5.5 or later, you can use Kerberos authentication in ASP.NET.

To use Kerberos Authentication in ASP.NET
* Configure your application's virtual directory in IIS to disable anonymous access and configure it to use Integrated Windows authentication alone (by default anonymous access is enabled).
* Configure your application's Web.config for Windows authentication (the default)
		 <authentication mode="Windows">

If you run your application using a domain service account, you must register a service principal name (SPN) for that account in Active Directory to associate the account with the HTTP service on the Web server. To register an SPN, use the Setspn.exe utility as follows

		 setspn -A HTTP/webservername [domain\customAccountName] 
		 setspn -A HTTP/webservername.fullyqualifieddomainname [domain\customAccountName]

Note that you cannot have multiple Web applications with the same host name if you want them to have multiple identities and to use Kerberos authentication. This is an HTTP limitation, not a Kerberos limitation. The workaround is to have multiple Domain Name System (DNS) names for the same host, and start the URLs for each Web application with a different DNS name. For example, you would use http://app1 and http://app2 instead of http://site/app1 and http://site/app2.

Note: If your clients run Internet Explorer 6, you must enable the browser to respond to a negotiate challenge and perform Kerberos authentication. To do this, select the Enable Integrated Windows Authentication check box in the Security section of the Advanced tab of the Internet Options menu, and then restart the browser. Administrators can enable Integrated Windows authentication by setting the EnableNegotiate DWORD value to 1 in the following registry key: HKEYCURRENTUSER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Return to HomePage, ASPNET2SecurityFAQs
Cancel Edit [WikiEntry.PreviewButtonText] Save
Microsoft Communities