Authentication and Authorization

This blog is about Authentication and authorization, in particular Kerberos on IIS 7.0 and later.

Browse by Tags

Tagged Content List
  • Blog Post: How to name a SPN (part 2)

    As you learned last time, the full syntax of SPN name is: service class/host [: port [/ service name ]] Today I will be talking about port. Port number is an optional qualifier that you can use to ensure that the SPN is unique in the forest. The default port number for a http request is 80 ...
  • Blog Post: How to name a SPN

    As previously stated, a SPN is a kind of alias for a domain account. You can have many SPN for a single domain account, but the SPN must be unique in the forest. The name consists of two mandatory parts ( service class and host ) and two optional parts ( port and service name ). The full syntax...
  • Blog Post: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGIN'

    Depending on how you installed SQL Server you may receve an SqlException -2146232060 when you are connecting to SQL Server from the web server using the credentials of the end user. One probably reason could be an error in the SPN registration. During installation of SQL Server you need to decide...
  • Blog Post: Kernel-mode authentication

    First a short explanaition on how the Kerberos ticket is encrypted: The client application (e.g. a web browser) is requesting a Kerberos ticket from the Domain Controller (KDC). As part of the communication with the DC, the client is sending the SPN for the service The DC find the domain account...
Page 1 of 1 (4 items)