PassportRequireADMapping Metabase Property (IIS 6.0)
The PassportRequireADMapping property specifies how IIS handles Microsoft .NET Passport authentication and Active Directory mapping.
By default, IIS 6.0 with .NET Passport authentication enabled tries to map the .NET Passport user to an account in Active Directory. This default behavior can create performance overhead for sites that do not accept .NET Passport Active Directory mapping. The mapping behavior can be controlled by the PassportRequireADMapping flag. The flag values are:
PassportRequireADMapping set to 0: IIS does not attempt Active Directory mapping. The request is handled as Anonymous User.
PassportRequireADMapping set to 1 (default setting): In this situation, the worker process must have TCB privileges (meaning, the worker process acts as part of the operating system). IIS then attempts to map to an Active Directory account (called LsaLogonUser). If this attempt fails, the request is handled as Anonymous User.
PassportRequireADMapping set to 2: IIS enforces a mapping from the .NET Passport account to an Active Directory account before returning the requested Web page. If the mapping fails, IIS returns a 401 error.
For more information, see Setting Up .NET Passport in IIS 6.0. Also, the AuthFlags Metabase Property contains the available settings for Windows authentication schemes and the file access authentication flags.
XML Data Type
WMI Data Type
ADSI Data Type
ABO Data Type
ABO Metabase Identifier
You can configure this property at the following locations in the IIS metabase.
For general code examples, see Code Examples to Configure Metabase Properties.