In IIS 7, after I specify the physical path for my website and click the "Test Settings" button, I get the following warning:
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that
<domain>\<computer_name>$
has read access to the physical path. Then test these settings again.
So what is pass-through authentication? Literally, it should be pass some A through some B? So what are the A and B?
Also, I am actually using the built-in ApplicationPoolIdentity. Why can't IIS verify that this account has proper access rights to the physical path? Why do I need to verify it myself?
Enabling authentication in IIS 7.0, 7.5, 8.0 or 8.5 IIS Manager will open. Select your web console on the left, under <name of the machine>\Sites, and then double-click the Authentication button. Right-click Anonymous Authentication and choose Disable, right-click Windows Authentication and choose Enable.
IIS 7 supports Anonymous authentication, Basic authentication, Client Certificate Mapping authentication, Digest authentication, IIS Client Certificate Mapping authentication, and Windows authentication. Additional authentication modes can be provided by third-party authentication modules.
Normally, IIS would use the process identity (the user account it is running the worker process as) to access protected resources like file system or network.
With passthrough authentication, IIS will attempt to use the actual identity of the user when accessing protected resources.
If the user is not authenticated, IIS will use the application pool identity instead. If pool identity is set to NetworkService or LocalSystem, the actual Windows account used is the computer account.
The IIS warning you see is not an error, it's just a warning. The actual check will be performed at execution time, and if it fails, it'll show up in the log.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With