2

To simplify my problems i am basically trying to setup an ASP.NET MVC 3 website that will allow users to view work items assigned to them. i have the website views and controllers working. the problems occur when i try to deploy to IIS running on my machine (Win 7). the Windows Authentication used to identify the user and access tfs are not passed through to the webpage automatically as it asks them to login (i do not want this). the Authentication on IIS only has Windows Auth enabled and the web.config has 

<authentication mode="Windows" />
<identity impersonate="true" />
<customErrors mode="Off" />

<authorization>
  <deny users ="?" />
  <allow users ="*" />
</authorization>

does anybody know why this would not work.

Cheers

harryovers
  • 3,087
  • 2
  • 34
  • 56
  • What is the hostname of the website? More specifically: is it one you've created by editing the hosts file? – Matt Aug 04 '11 at 16:44
  • there is no hostname as it will be running on my machine and used in the our office at work accessed throught the ip address of the machine. – harryovers Aug 04 '11 at 16:49
  • hmm.. well, I have a suggestion but it might not be what you're looking for. – Matt Aug 04 '11 at 16:51

2 Answers2

4

By default, ASP.NET impersonation is disabled. If you enable impersonation, your ASP.NET application runs under the security context of the user authenticated by IIS 7. See Configure ASP.NET Impersonation Authentication. Constrained Delegation via Kerberos is the only way to flow impersonated credentials to a second host. You can get around this by deploying your web application on the TFS App Tier and configuring its app pool to run as the same identity as the TFS web services.

Jim Lamb
  • 25,355
  • 6
  • 42
  • 48
  • Is there any other alternative to this other than Delegation via Kerberos or hosting it on the same server as that of the TFS? – Manoj Reddy Sep 20 '16 at 12:56
0

You may want to have a look at this MS KB article. I had a similar problem, but around development box hostnames, and this worked for me: http://support.microsoft.com/kb/896861

Matt
  • 884
  • 5
  • 14
  • i read this (http://stackoverflow.com/questions/1327207/site-with-windows-authentication-sometimes-gives-password-prompt/1327373#1327373) answer and that fixed part of the problem. the users credentials are no getting passed to tfs now and an error shows saying "TF30063: You are not authorized to access " – harryovers Aug 04 '11 at 16:58
  • @harryovers : Were you able to resolve this somehow? – Manoj Reddy Sep 20 '16 at 12:57
  • @jonamreddy I believe I did solve it but it was five years ago so I have no idea what I did – harryovers Sep 21 '16 at 12:49