Kernel-mode authentication with a domain account

You may know that kernel-mode authentication is faster then user-mode authentication. You also may know that when you have a webfarm, network service isn’t the “user” you can use for kernel-mode authentication. With thew following command you can configure that the application pool user is used for kernel-mode authentication.

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication -useAppPoolCredentials:true

This wil result in the following configuration in the applicationHost.config

<system.webServer>
   <security>
      <authentication>
         <windowsAuthentication enabled="true" useAppPoolCredentials="true" />
      </authentication>
   </security>
</system.webServer>

You can configure this at the webserver/website/application level.

WCF Services and multiple bindings

.Net 4.0 has a nice improvement I want to share with you. Where in the past is was tricky to configure services with multiple bindings, now is become easier.

Just add the following to your application web.config:

<system.serviceModel>
  <serviceHostingEnvironment  multipleSiteBindingsEnabled=”true”>
<system.serviceModel>

And configure your IIS bindings on your site and your all set.