I have the following structure in IIS.
Internet Information Services
  (local computer)
    Web Sites
      Default Web Site
        MyApplication
MyApplication is an Application in IIS.
Integrated Windows authentication is NOT set on the Default Web Site.
However I want to set Integrated Windows authentication on MyApplication. (It's an intranet app).
This can be done via the GUI: Right click on the Default Web Site and choose Properties. Select the Directory Security tab, and click Edit on the Anonymous access and authentication control.
I want to include this in a setup script. I have other setup commands, using adsutil.vbs, but I'm struggling to set up the Integrated Windows authentication.
Running:
cscript //nologo c:\Inetpub\AdminScripts\adsutil.vbs GET /W3SVC/1/NTAuthenticationProviders
Returns
NTAuthenticationProviders : (STRING) "NTLM"
However, I expected to be able to run
cscript //nologo c:\Inetpub\AdminScripts\adsutil.vbs GET /W3SVC/1/ROOT/MyApplication/NTAuthenticationProviders
But this returns
Error Trying To GET the property: (Get Method Failed)
NTAuthenticationProviders (This property is probably not allowed at this node)
Is it not possible to set the NTAuthenticationProviders Metabase property on an application level?
The metabase property that controls the Authenticated Access property values on the IIS Directory Security -> Authentication Methods dialogue is actually called AuthFlags.
The value is a flag and is documented here:
AuthFlags Metabase Property (IIS 6.0) (TechNet)
To set this value to Integrated Windows Authentication (AuthNTLM) use the following command (take care because this command operates on the Default Website, IISNumber:1):
adsutil.vbs SET /W3SVC/1/ROOT/MyApplication/AuthFlags 4
If you want to set, say, both NTLM and Basic authentication then you would boolean OR the values together, e.g. MD_AUTH_BASIC | AuthNTLM. This would produce an integer result of 6:
:: Set both NTLM and Basic authentication
adsutil.vbs SET /W3SVC/1/ROOT/MyApplication/AuthFlags 6
If you inspect the metabase file (C:\WINDOWS\system32\inetsrv\MetaBase.xml) and search for:
Location="/LM/W3SVC/1/ROOT/MyApplication"
...you will see the attribute that controls this setting (after setting to 6 as above):
AuthFlags="AuthBasic | AuthNTLM"
It may take some time before this value updates in the metabase because changes such as this aren't immediately flushed to the file (although IISRESET will cause it to update immediately).
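The AuthFlags arithmetic from the answer above, as an added PowerShell example that is not part of the original post: it composes and decodes the bitmask and checks an adsutil.vbs GET line against the authentication methods a setup script expects. The function names are hypothetical, and the `(INTEGER)` line is a constructed sample modelled on the GET output shown in the question.

```powershell
# Added example, not code from the original answer.
# Bit values are the documented IIS 6.0 AuthFlags bits; function names are hypothetical.
$AuthFlagBits = @{
    AuthAnonymous = 0x01
    AuthBasic     = 0x02   # credentials travel base64-encoded, so pair with SSL
    AuthNTLM      = 0x04   # Integrated Windows authentication
    AuthMD5       = 0x10   # Digest
    AuthPassport  = 0x40
}

# Build the integer to pass to "adsutil.vbs SET .../AuthFlags" from flag names.
function ConvertTo-AuthFlags([string[]]$Names) {
    $value = 0
    foreach ($n in $Names) {
        if (-not $AuthFlagBits.ContainsKey($n)) { throw "Unknown AuthFlags name: $n" }
        $value = $value -bor $AuthFlagBits[$n]
    }
    return $value
}

# Decode an integer into the "A | B" form that MetaBase.xml shows.
function ConvertFrom-AuthFlags([int]$Value) {
    $names = @()
    $known = 0
    foreach ($e in ($AuthFlagBits.GetEnumerator() | Sort-Object Value)) {
        $known = $known -bor $e.Value
        if ($Value -band $e.Value) { $names += $e.Key }
    }
    # Report bits this table does not know instead of silently dropping them.
    $unknown = $Value -band (-bnot $known)
    if ($unknown) { $names += ('Unknown(0x{0:X})' -f $unknown) }
    return ($names -join ' | ')
}

# Compare one line of "adsutil.vbs GET .../AuthFlags" output with the expected set.
# An exact match also fails when an extra method such as AuthAnonymous is still enabled.
function Test-AuthFlagsLine([string]$Line, [string[]]$Expected) {
    if ($Line -notmatch 'AuthFlags\s*:\s*\(INTEGER\)\s*(\d+)') { throw "Unparseable line: $Line" }
    return ([int]$Matches[1] -eq (ConvertTo-AuthFlags $Expected))
}

# Constructed sample values, not captured from a real server.
ConvertTo-AuthFlags @('AuthBasic', 'AuthNTLM')
ConvertFrom-AuthFlags 7
Test-AuthFlagsLine 'AuthFlags                       : (INTEGER) 4' @('AuthNTLM')
```

In a setup script, the line passed to Test-AuthFlagsLine would come from running the GET command after the SET, so the install fails loudly if the application ends up with a different set of authentication methods than intended.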