在IIS 7我成立了一个名为XYZ的应用程序，并为它的应用程序池。

On IIS 7 I set up an application called "XYZ", and an application pool for it.

我设置应用程序池的自定义用户的身份，姑且称之为马里奥。

I set the identity of this application pool to a custom user, let's call it "Mario".

马里奥NTFS访问到文件夹/文件，其中XYZ指向（远程共享）。

Mario has NTFS access to the folder/files in which XYZ points to (remote share).

在XYZ身份验证设置，只有Windows认证功能：

In the XYZ authentication settings, only windows authentication is enabled:

在提供商windows身份验证，唯一NTLM是活动：

In the providers for windows authentication, only NTLM is active:

有关XYZ物理路径证书设置为应用程序的用户/直通：

Physical path credentials for XYZ are set to application user / pass-through:

所以，问题是，当我去 http://server.com/XYZ 我得到的挑战（这是可以预料的），但我什么都无所谓，我把，它看起来像身份验证令牌不被接受，并且浏览器再次挑战我。

So the problem is, when I go to http://server.com/XYZ I get challenged (which is to be expected), but I does not matter what I put in, it looks like the authentication token is not accepted, and the browser challenges me again.

我已经看过日志，Active Directory和请求来通过，但即使当用户成功验证了浏览器再次挑战。

I have looked at logs for Active Directory and the requests are coming through, but even when the user is successfully authenticated the browser challenges again.

下面是我们的目标：让目录列表，而是充分利用了NTFS访问权限的用户提供的凭据。现在我无法得到那个工作。谢谢！

下面是Web.config文件：

Here's the Web.config file:

推荐答案

诀窍得到这个工作是添加用户的权限。设置IIS就像你有NTLM的顶级供应商，Windows身份验证才启用（你可以摆脱在web.config中的部分，你需要的是＆LT;身份验证=的Windows/ ＆GT; ），并添加IIS_USRS和用户的权限集

The trick to getting this to work is to add 'Users' to the permissions. Set up IIS just like you have with NTLM as the top provider, Windows Authentication only enabled (you can get rid of the section in the web.config, all you need is <authentication="Windows" />) and add IIS_USRS and Users to the permission set.