与IIS6下运行的内部网站身份验证问题 [英] authentication issue with an intranet website running under IIS6

问题描述

我有一个内部网站IIS6下运行（特定的端口下，而不是默认的）启用一个集成的Windows身份验证和使用与服务帐户配置的应用程序池。问题是，如果我使用的服务器名称与URL中的完全合格的域名访问的网站，它抛出一个登录提示（即使进入我的Windows登录凭据，不工作），但如果我使用的IP地址服务器然后正常工作。请让我知道什么，我需要做的就是与服务器名称工作的URL。
例如 http：//服务器：8080 / Default.aspx的抛出登录提示，但是的 HTTP：// IP地址：8080 / Default.aspx的正常工作

I have an an intranet website running under IIS6 (under a specific port, not the default one) with a integrated windows authentication enabled and uses an application pool configured with a service account. the issue is, if I access the website using the server name with a fully qualified domain in the URL, it throws a login prompt (doesn't work even if enter my windows login credentials), but if I use the IP address of the server then it works fine. Please let me know what I need to do to get the URL with server name working. for example http://servername:8080/default.aspx throws login prompt, but http://ip address:8080/default.aspx works fine

推荐答案

我遇到了同样的问题。我相信这是是与Kerberos身份验证机制。如果诉诸NTLM它会工作（使用一个IP地址时，它一定支持）。 Kerberos要求在Active Directory中注册为它工作的SPN。 Kerberos的也不会允许你有不同的帐户之下，但具有相同的服务器名称运行的应用程序池。在这种情况下，你应该有一个网站的备用名称并注册使用Kerberos。不过，我并没有真正解决问题却又如此这些都只是建议。

I am experiencing the same problem. I believe it is something to do with Kerberos authentication mechanism. If it resorts to NTLM it will work (which it does when using an IP address). Kerberos requires an SPN registered on Active Directory for it to work. Kerberos also won't allow you to have application pools running under different accounts but with the same server name. In these situations you should have an alternate name for the site and register that with Kerberos. However, I haven't actually resolved the issue yet so these are just suggestions.

这篇关于与IIS6下运行的内部网站身份验证问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！