Windows Pass-Through Authentication

Followed the guide, runs great. My only Q is why I still get prompted to enter a un/pw when I click the link; especially if I'm logged in from a computer on that domain, as well as being the same user. My expectation was that if the computer you're logging in from is on the same domain and you're using your specified username (rather than domain\everyone), it shouldn't prompt and 'pass through' the credentials.

Find more posts tagged with

passthrough_authentication

Accepted answers

FormerMember

Mike... this is something I've gone over and over with support; the admin guide needs to be re-written because the steps are in some cases wrong or not needed. Here's what I had to do post v9...

"Here is the process that I went through to fix it. Yesterday I completely rebuilt the extra web server to verify the results. The ISAPI filter didn’t install right again, but my production Web Console had it setup right; I don’t see that as an issue we’d need to look at further. This fixes the user based view restriction throughout the site, as well as the administrator ‘Edit Resource’ function.

Install Web Console
1. Run the CW, auto update to SP3 fails (AJAX extensions fail).
2. Reboot the server, run SP3 update, CW runs.
Setup Pass-Through Authentication
1. custom.config <identity impersonate="false" /> to <identity impersonate="true" />
2. Uncheck Anonymous and check Integrated Windows Authentication.
Check/Change Permissions
1. Solarwinds_website set to full control (if not already).
2. {Server}\Users change to Modify/Write
Restart IIS
Check local server login and AD login.
Change Permissions
1. {Server}\Users change back to Read/Execute.
Restart IIS
Check local server login and AD login.

Anytime the CW runs it overwrites all files in the {Drive}:\Inetpub\{Website} directory, including the custom.config. It might be worth while for the CW to do an [if exists] for this file and not overwrite it when running, especially if the modify date is newer than the original file. Step 16 of the Pass-Through Authentication procedure in the Admin Guide isn’t necessary and actually breaks part of the Pass-Through Authentication."

All comments

SamuelB

Are you using Firefox or IE? If you are using IE, try adding the website to the Trusted Sites list and also reset the trusted sites list to the Default Level.

FormerMember

Thx to aLTeReGo and SamuelB who clearly know more about server authentication than someone who can rarely spell BGP. Domain membership of the server and trusted sites did it...

aLTeReGo

Thx to aLTeReGo and SamuelB who clearly know more about server authentication than someone who can rarely spell BGP. Domain membership of the server and trusted sites did it...

Happy to help. I'm glad to hear you're up and running.

FormerMember

check your link you use to open the website and see if it has /login at the end of the link.

remove it if it does and then the domian login should take over.

AlbanyNYMike

I am trying to get Windows pass through to work but am running into issues.
We are runniong 9.1 SP3.

I followed the steps in the admin guide. I made the chnages to the IIS service on the Orion Server. (unchecked anon, check Windows security, applied)

I then ran the config wiz for the website portion. All went well. Now when I log into the Orion website, the guide says I should be able to add a new user, Domain\user.

When I go to add my domain account, it wont let me continue without entering a password? This should not be the case?

Also, if I ever do get this working, will I be able to apply view limitations on the pass through accounts? There are only about 20 users, but they are split in groups of 5 each, and each group is set in Orion to only see thier particular custom property nodes.

Any help would be greatly appreciated.

Thanks

FormerMember

Mike... this is something I've gone over and over with support; the admin guide needs to be re-written because the steps are in some cases wrong or not needed. Here's what I had to do post v9...

Install Web Console
1. Run the CW, auto update to SP3 fails (AJAX extensions fail).
2. Reboot the server, run SP3 update, CW runs.
Setup Pass-Through Authentication
1. custom.config <identity impersonate="false" /> to <identity impersonate="true" />
2. Uncheck Anonymous and check Integrated Windows Authentication.
Check/Change Permissions
1. Solarwinds_website set to full control (if not already).
2. {Server}\Users change to Modify/Write
Restart IIS
Check local server login and AD login.
Change Permissions
1. {Server}\Users change back to Read/Execute.
Restart IIS
Check local server login and AD login.

MTorok

skierjmh,

This is great information. I will make sure that the documentation is updated for the next release. Meanwhile, we will get this into the release notes.

I will also forward your suggestion about 'if exists' for the custom.config file to Denny and the dev lead.

Michael

whatever275

Could you give me any further detail on these steps? In step 1, what SP3 are you referring to?

On step 3, where are these permissions you're changing?