Joseph
Tue Aug 12 13:36:23 CDT 2003
Apparently last night I missed the first half of my story.
Basically I setup IISADMPWD like you would have on previous versions of IIS.
Create a web application pointing to the
c:\windows\system32\inetserv\iisadmpwd directory.
And then set the appropriate meta data.
"Joseph E Shook" <JoeShook@DeploymentCentric.com> wrote in message
news:%23$w5e0JYDHA.652@tk2msftngp13.phx.gbl...
> PasswordChangeFlags = 0. The settings I included earlier where already
set.
> Of course the new IISADMPWD is in the default application pool.
>
> Now I come along and install two web applicatons. Lets call them WebAppX
> and WebAppY. Each of these applications are in there own application
pool,
> lets call them AppPoolX and AppPoolY respectively. In this configuration
> the automatic redirect of a user under an expiring password condition will
> not redirect to the IISADMPWD application. If I move IISADMPWD into the
> AppPoolX pool then when you connect to the WebAppX application with a user
> under an expiring password condition the redirect happens as expected. So
I
> think that may tell the story a bit better. My test web sites use\
> Integrated security only. I run Internet Explorer using the runas
technique
> with a user that does not have access to the web application. I configure
> the roles to the application via the web.config. When I am challenged for
> credentials I enter the user with the expired password.
>
>
> You know maybe the metadata settings like AuthExpiredURL should point to a
> fully qualified domain like
http://domainname/IISADMPWD//iisadm/achg.asp.
> Well that is enough for tonight. Thanks.
>
>
> "Chris Adams (MSFT)" <chrisad@online.microsoft.com> wrote in message
> news:en6MuUJYDHA.2204@TK2MSFTNGP12.phx.gbl...
> > Hey ~
> >
> > I think I followed what you are trying to do, but I could be wrong.
> > However, the problem is that Microsoft has not tested changing any of
> these
> > properties in the metabase. In short, you are diving into unchartered
> > territory and I would like to know better what you are doing so I can
> > reproduce as we haven't tested this scenario well enough to know if this
> > will work...
> >
> > Look forward to hearing from you...
> >
> > --
> > ~Chris (MSFT)
> > IIS Supportability Lead
> >
> > This posting is provided "AS IS" with no warranties, and confers no
rights
> > "Joseph E Shook" <JoeShook@DeploymentCentric.com> wrote in message
> > news:#IX8keEYDHA.1620@TK2MSFTNGP12.phx.gbl...
> > > I have enabled the Change Password Flags on my IIS 6.0 web server. It
> > works
> > > as expected if the Web Application if Interest is running in the same
> App
> > > Pool as the IISADMPWD application. So if I run my web app in the
> Default
> > > Application Pool then I am redirected to the IISADMPWD application
when
> my
> > > password expires. If I run my web app in it's own Application Pool
> > > (AppPoolX) and also run the IISADMPWD application in AppPoolX then it
> > > functions as expected. My problem is comes down to the fact that I
have
> 3
> > > intranet applications that all require the same change password
> > > functionality. When I run the two in seperated app pools I receive a
> 403
> > > Access is denied page. I wonder is there some way to make this work
> > besides
> > > creating individual web instances for each of these three web
> > applications?
> > >
> > > Remembe that the location of each of the files with in the IISADMPWD
are
> > > defined at the /W3SVC level of the metadata.
> > > For example:
> > >
> > > AuthChangeURL = /iisadm/achg.asp
> > > AuthExpiredURL = /iisadm/aexp.asp
> > > AuthNotifyPwdExpURL = /iisadm/anot.asp
> > > AuthExpiredUnsecureURL = /iisadmpwd/aexp3.asp
> > > NotifyPwdExpUnsecuredURL = /iisadmpwd/anot3.asp
> > >
> > > Turning on and off the change password functionality if controlled at
> the
> > > /W3SVC/[n] level.
> > > For example:
> > > PasswordChangeFlags = 0 [bitmask of the following three parts]
> > > AuthChangeUnsecure
> > > AuthChangeDisable
> > >
> > > AuthAdvNotifyDisable
> > > PasswordExpirePrenotifyDays
> > >
> > >
> > >
> >
> >
>
>