On IIS 7 I set up an application called "XYZ", and an application pool for it.
I set the identity of this application pool to a custom user, let's call it "Mario

In addition to the existing answer, if you don't want to have the user challenged, IE security must be set up correctly in the user's browser for the target zone. In my case I wanted my local dev system to log in without being challenged (automatic pass-through). The setting is in Internet Options->Security tab->Custom level..., at the bottom (make sure you selected the correct zone). My trusted sites zone was defaulted to "Automatic logon only in Intranet zone". I changed it to "Automatic logon with current user name and password" for my trusted sites zone, and made sure my local machine name was in the trusted sites list (I use the local machine [pc] name instead of localhost in special cases).

The trick to getting this to work is to add 'Users' to the permissions. Set up IIS just like you have with NTLM as the top provider, Windows Authentication only enabled (you can get rid of the section in the web.config, all you need is <authentication mode="Windows" />) and add IIS_IUSRS and Users to the permission set.
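
The IIS-side steps from the answer above as a PowerShell script, added here as an example and not code from any poster. The parent site name `Default Web Site`, the folder `C:\inetpub\wwwroot\XYZ`, and the read-and-execute permission level are assumptions; the answer does not say which rights to grant.

```powershell
# Added example. Run from an elevated PowerShell prompt on the IIS server.
Import-Module WebAdministration

$site    = 'Default Web Site'            # assumption: parent site of the application
$app     = 'XYZ'                         # application name used in the question
$appPath = 'C:\inetpub\wwwroot\XYZ'      # assumption: physical path of the application
$psPath  = 'MACHINE/WEBROOT/APPHOST'     # write to applicationHost.config (section is locked there by default)
$loc     = "$site/$app"
$auth    = 'system.webServer/security/authentication'
$prov    = "$auth/windowsAuthentication/providers"

# Windows Authentication only: anonymous off, Windows on.
Set-WebConfigurationProperty -PSPath $psPath -Location $loc `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath $psPath -Location $loc `
    -Filter "$auth/windowsAuthentication" -Name enabled -Value $true

# Rebuild the provider list so NTLM is the top provider, Negotiate second.
Remove-WebConfigurationProperty -PSPath $psPath -Location $loc -Filter $prov -Name '.'
Add-WebConfigurationProperty -PSPath $psPath -Location $loc -Filter $prov `
    -Name '.' -Value @{ value = 'NTLM' }
Add-WebConfigurationProperty -PSPath $psPath -Location $loc -Filter $prov `
    -Name '.' -Value @{ value = 'Negotiate' }

# Grant the two groups named in the answer read and execute only,
# inherited by subfolders (CI) and files (OI). No write access is given.
icacls $appPath /grant 'BUILTIN\IIS_IUSRS:(OI)(CI)RX'
icacls $appPath /grant 'BUILTIN\Users:(OI)(CI)RX'

# Verify: show what was actually written.
'Anonymous enabled: ' + (Get-WebConfigurationProperty -PSPath $psPath -Location $loc `
    -Filter "$auth/anonymousAuthentication" -Name enabled).Value
'Windows enabled:   ' + (Get-WebConfigurationProperty -PSPath $psPath -Location $loc `
    -Filter "$auth/windowsAuthentication" -Name enabled).Value
'Provider order:    ' + ((Get-WebConfiguration -PSPath $psPath -Location $loc `
    -Filter $prov).Collection | ForEach-Object { $_.value }) -join ', '
icacls $appPath
```

The final `icacls` listing is worth reading before moving on: if `Users` or `IIS_IUSRS` shows anything broader than `RX` through inheritance, the folder is more open than this setup needs.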