IIS ARR pass-through Windows authentication does not work

Solution 1:

I finally found a solution for us:

Since we don't have the requirement for "multi-hop" authentication (= Kerberos), I was able to force NTLM. On the web server, under Authentication (site), I changed the providers for Windows Authentication and removed everything but NTLM. So NTLM is the only available way for authentication.

On the ARR I changed everything back to the original settings and enabled anonymous access only. Then ARR is able to pass the authentication through to the web server.

In my opinion Microsoft has a bug in the Kerberos handling, and it does not depend on whether the authentication is processed in the kernel or by the ARR.
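
The settings this answer describes, written out as `applicationHost.config` fragments (an added example, not part of the original answer). The site names `BackendSite` and `ArrSite` are placeholders, and putting the settings in `<location>` blocks is an assumption about where they are stored.

```xml
<!-- Back-end web server: Windows Authentication stays enabled, but the
     provider list is cleared and only NTLM is added back, so Negotiate
     (and with it Kerberos) is never offered to the client. -->
<location path="BackendSite"> <!-- placeholder site name -->
  <system.webServer>
    <security>
      <authentication>
        <windowsAuthentication enabled="true">
          <providers>
            <clear />
            <add value="NTLM" />
          </providers>
        </windowsAuthentication>
      </authentication>
    </security>
  </system.webServer>
</location>

<!-- ARR server: anonymous access only. ARR does not authenticate the
     request itself; the NTLM handshake runs between the client and the
     back-end web server through the proxy. -->
<location path="ArrSite"> <!-- placeholder site name -->
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
        <windowsAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>
</location>
```

With Negotiate removed, every client falls back to NTLM, so anything on the back end that relies on Kerberos delegation stops working; the answer accepts this because no multi-hop authentication is needed.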