tags:

views:

918

answers:

1
+1  Q: 

Setting NTAuthenticationProviders at an Application level in IIS 6

I have the following structure in IIS.

Internet Information Services
> (local computer)

> Web Sites

> Default Web Site

> MyApplication

MyApplication is a Application in IIS.

Integrated Windows authentication is NOT set on the Default Web Site. However I want to set Integrated Windows authentication on MyApplication. (Its an intranet app).

This can be done via the GUI: Right click on the Default Web Site and choose Properties. Select the Directory Security tab, and click Edit on the Anonymous access and authentication control.

I want to include this in a setup script. I have other setup commands, using adsutil.vbs but I'm struggling to set up the Integrated windows authentication.

Running:

cscript //nologo c:\Inetpub\AdminScripts\adsutil.vbs
GET /W3SVC/1/NTAuthenticationProviders

Returns

NTAuthenticationProviders       : (STRING) "NTLM"

However, i exepcted to be able to run

cscript //nologo c:\Inetpub\AdminScripts\adsutil.vbs GET 
/W3SVC/1/ROOT/MyApplication/NTAuthenticationProviders

But this returns

Error Trying To GET the property: (Get Method Failed)
NTAuthenticationProviders (This property is probably not allowed at this node)

Is it not possible to set NTAuthenticationProviders Metabase property on an appliction level?

Thank you

+1  A: 

The metabase property that controls the Authenticated Access property values on the IIS Directory Security -> Authentication Methods dialogue is actually called AuthFlags.

The value is a flag and is documented here:

AuthFlags Metabase Property (IIS 6.0) (TechNet)

To set this value to Integrated Windows Authentication (AuthNTLM) use the following command (take care because this command operates on the Default Website, IISNumber:1) -

adsutil.vbs SET /W3SVC/1/ROOT/MyApplication/AuthFlags 4

If you want to set, say, both NTLM and Basic authentication then you would boolean OR the values together, e.g. MD_AUTH_BASIC | AuthNTLM. This would product an integer result of 6:

:: Set both NTLM and Basic authentication
adsutil.vbs SET /W3SVC/1/ROOT/MyApplication/AuthFlags 6

If you inspect the metabase file (C:\WINDOWS\system32\inetsrv\MetaBase.xml) and search for:

Location="/LM/W3SVC/1/ROOT/MyApplication"

...you will see the attribute that controls this setting (after setting to 6 as above):

AuthFlags="AuthBasic | AuthNTLM"

It may take some time before this value updates in the metabase because changes such as this aren't immediately flushed to the file (although IISRESET will cause it to update immediately).

Kev  2009-10-16 01:27:10
Superb! Thank you!
Paul  2009-10-16 08:19:14
You're correct about the IISRESET by the way.
Paul  2009-10-16 08:19:52

related questions

IE6 security login (debugging via VirtualPC)
Asp.net Reinstalling a DLL into the GAC
Failed to load resources from resource file.
What does an IISReset do?
How do I secure a folder used to let users upload files?
VBScript/IIS - How do I automatically set ASP.NET version for a particular website
IIS 6/COM+ hangs
Web server farms with IIS ? Basic Infos
.NET 3.5 Service Pack 1 causes 404 pages on ASP.NET Web App
What Url rewriter do you use for ASP.Net?
Publishing to IIS - Best Practices
ASP.NET Proxy Application
PHP on IIS
How do I stop IIS7 dropping my cookies?
HTTPS in IIS 5.1
Best tool for performance testing ASP.NET
Alternative Hostname for an IIS web site for internal access only
SQL Server 2008 FileStream on a Web Server
Solutions for working with multiple branches in ASP.Net
Dual vs. Quadcore on a Webserver
PHP Error - Uploading a file
Visual Studio 2008 debugger already attached work-around
Linux shell equivalent on IIS
Bandwith throttling in IIS 6 by IP Address
Checklist for IIS 6/ASP.NET Windows Authentication?