Wednesday, April 22, 2009

IIS Integrated Authentication Gets Wrong User

Here's an interesting scenario we just went through and I thought I would share in case anyone else is searching for a fix to a similar issue... I recently wrote a set of web pages and cgi scripts for deploying OSB10gR3, WLI 9.2.2 and ALDSP3.0.1 assets from a web page. The idea is that developers can install assets to development themselves (without giving full admin access to the consoles) and not have to wait on the Middleware team to do installs for them. Part of the code checks the user that is hitting the page and validates they are authorized to run the install scripts in the environment they are trying to install to... The web pages are running in IIS Version 6.0 and I have Authenticated Integration enabled. The scripts worked great, except for 1 person, who was somehow hitting the page with a different userid than the one they were logged into Windows with... Turns out... We logged into his Windows XP machine and opened "User Accounts" in the Control Panel for his PC. Under the "Advanced" tab, there was an account set up for connecting to the specific server my pages are running on with the account name we saw when he tried hitting my web pages. We removed this entry, and tried hitting the page again (no reboot required) and the page recognized him as the corrct user. Simple fix, but it took a little while for us to find it.

No comments: