What is pass-through authentication in IIS 7?

Question

What is pass-through authentication in IIS 7?

In IIS 7, after I specify the physical path for my site and click the "Test Settings" button, I get the following warning:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify that it has access to the built-in account. Verify that the application pool identifier has read access to the physical path. If this server is joined to a domain and the application pool identifier is NetworkService or LocalSystem, make sure that <domain>\<computer_name>$ has read access to the physical path. Then check these settings again.

So what is pass-through authentication? Literally, this should pass by A through some B? So what are A and B?

In addition, I use the built-in ApplicationPoolIdentity. Why can't IIS verify that this account has the correct physical path permissions? Why do I need to check this?

+62

iis

smwikipedia Mar 15 '11 at 3:12

source share

1 answer

Franci Penov · Accepted Answer · 2011-03-15 03:49

IIS typically uses a process identifier (the user account that runs the workflow as) to access secure resources such as a file system or network.

With pass-through authentication, IIS will try to use the actual user identity when accessing secure resources.

If the user is not authenticated, IIS uses the application pool identifier instead. If the pool ID is set to NetworkService or LocalSystem, the actual Windows account is the computer account.

The IIS warning you see is not an error, it is just a warning. The actual check will be performed at runtime, and if it failed, it will appear in the log.

What is pass-through authentication in IIS 7?

More articles: