How to get a primary token to solve a double-hop issue and be able to access Active Directory RRS feed

All replies

  • User-1739576956 posted

    Please note that the description in the URL which you have provided points to a Windows 2000 / IIS 5 (I think) setup. In IIS 6 Windows manages the password of IUSR_SRV* if you leave the password field blank. Perhaps you should take a look at something like this instead? http://mkdot.net/blogs/dejan/archive/2008/03/07/kerberos-solution-for-double-hop-authentication.aspx

    Or see if you can get the description which you've linked to, to work in your environment somewhat (I'm guessing you're not running W2k). For example, you could probably hard code a domain user as the "anonymous user" - I'm not sure it's very secure, but it will be what this KB actually is suggesting, e.g.: Open IIS, Right click your web site or virtual dir., go to the Directory Security Tab, click Edit authentication and access control, Enable anonymous access, hard code a domain user with sufficient rights instead of the IUSR_SRV-* default user, or add the IUSR-SRV-* default user to domain users group. Anyway, just a suggestion :-)

    Br. Morten

    Thursday, March 4, 2010 6:11 AM