Kerberos Authentication for IIS
Build
In Site Configuration -> Authentication, Enable Anonymous, ASP.NET Impersonation (if you need that) & Windows Authentication
Make sure AppPool is using integrated and not classic
On the same menu, click providers and make sure it only says Negoiate & NTLM
Create a service account which the apppool will be running as (e.g. web_service)
Give a SPN to that service account
setspn -a HTTP/servername.test.com web_service
Change Identity of Appool to use the new user (Advanced Options)
Go to Configuration Editor -> system.webServer-> security -> authentication -> windowsAuthentication and check usingPoolCredentials & useKernelMode
References
Last updated