We have a new IIS app (8.5 on server 2012 R2).Some of the links on the site forward to files stored on a DFS (AD Integrated) share.
The setup is : IIS 8.5 --> Two DFSN servers --> File server (all Server 2012 R2)
I've configured Kerberos and confirmed that the users are connecting and signing in with it.
It looks like it is always falling back to NTLM as I'm prompted for a username and password when I click any of those files.
Funny thing is, if I cancel that login prompt, the file will still open!!
I've configured IIS for ASP .Net impersonation and from what I can see all of my settings are correct. It just looks like for the DFS redirection, Kerberos is not working.
EDIT: Just to clarify the question : Is there something specific that needs to be done to allow the passthrough of Kerberos to a DFS namespace from IIS?
All servers (IIS, both DFS Namespace servers and the file server have delegation enabled).
The problem is that from the web front end it looks like it is working as required. It's actually a Silverlight application so it's IE only.
So the process is:
- Go to site
- Browse to list
- Click a link to a file
- Get the 'Open /save / save as' popup
- Click 'Open'
- Wait a few seconds and then the login popup
- Cancel login
- File opens
