Configuring UNC Authentication

UNC authentication allows you to configure IIS to use a specified user account when accessing resources on a remote share. When creating a virtual directory (or web application) that points to a UNC (Universal Naming Convention) share, credentials can be provided for accessing that share. If no credentials are provided, then IIS 8.0 will attempt to use the currently impersonated user. The currently impersonated user may be:

• The application pool's user identity (if Anonymous authentication is being permitted). If the application pool's identity is Network Service, then the machine account (machinename$) is used.
• The authenticated end user's account is used, if Basic authentication is used.
• The web application pool's user account if Digest or NTLM authentication is used. For these two authentication mechanisms, IIS 8.0 does not have the user's password and therefore is unable to authenticate as the user to the remote resource unless protocol transition is configured and enabled (see the section, “Configuring Protocol Transition,” below in this chapter).
• The authenticated end user if Kerberos authentication is used and delegation is configured (see the “Configuring Delegation” section later in this chapter). Otherwise, if delegation is not configured or fails, the access will be by the user account hosting the web application pool.

To configure UNC authentication: