Hello,
I am creating an IIS site that does pass through authentication based on users Windows account that they are currently logged into the domain on to a DFS Share in our domain. I am having an issue where directory browsing does not work on an IE browser unless the directory is opened inside of IIS. It will continue to work until the server hosting IIS is restarted.
Here is my configuration:
Windows Server 2012 Standard
Wed Server (IIS) installed with all defaults
Authentication: Basic, Digest, and Windows
I created a root site that has a simple landing page with links to DFS Directories on our network DFS Share a Windows file server.
This top level site just uses Anonymous authentication.
On the default page, just a simple HTML page, there is a link to a share \\companydfsshare\files that is hyperlinked.
I created an Application called Files with Windows Authentication enabled and all other authentication is disabled. Windows Authentication is configured with Extended Protection: Off and the only Provider is setup as Negotiate, all other providers removed.
In Advanced Settings... Physical Path is set to \\companydfsshares\files, Physical Path Credentials Logon Type: Network, and the virtual path is /files.
I also created a separate Application Pool with No Managed Code and Managed Pipeline: Basic configured and assigned it to the root site and also to the Files Application in IIS. This application pool is configured with a service account with domain access.
I created SPN accounts for http/iis-server.domain.local domain\serviceaccount and http/iis-server domain\serviceaccount.
The accounts for the domain\serviceaccount and the iis-server objects both have Delegation: Trust this user for delegation to specified services only, Use any authentication protocol: cifs fileserver1, fileserver2, fileserver3.
Please let me know if you need any further information. Thanks in advance for the help.
RB