I have a classic ASP app that I want to run under specific windows account/identity, e.g, "MEME". The asp app virtual root authentication is anonymous only (other types of auth are disabled) as the app will be doing form authentication. The filter needs to force app identity to MEME (IUSR dont have permissions to do all things I need, like open service manager etc...).
I have isapi filter and registered the SF_NOTIFY_AUTHENTICATION
event. The event is firing and the filter sets pszUser = "MEME"
(most of the time and other times other "MEME2" account) and the pszPassword = "memepass"
. But the app runs under IUSR identity. IIS7 ignores settings of pszUser/pszPassword.
I can set the app identity statically, editing virtual root, adv properties, Physical Path Credentials = "MEME"/"memepass" and that works but this is static and I need to determine MEME or MEME2 at run time.
If I enable Basic Auth then the pszuser/pszpassword set in the filter works correctly but I cannot have any auth dialogs popup on client side.
So how do I make isapi filter set the app identity to MEME (or any other win account)?
I have other events firing like SF_NOTIFY_PREPROC_HEADERS
.
In the IIS Manager you can set the anonymous access on the root folder of your site to MEME and pw.
Do this by right clicking on your site name and select properties. Select the Directory Security Tab and then Edit the "Authentication and access control". Make sure the "Enable anonymous access" is checked, and write the credentials to be used in the fields below. Click ok etc etc..
Now if you only run this site on the IIS-server here is one solution that might work for the Isapi filter.
You can set the Isapi filter on a global level instead of site level. Do the same thing as above but do this on the "Web sites" map in the IIS Manager. Here change the Anonymous user to MEME2 and then set your ISAPI filters.
Might work...