|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Access Denied connecting to remote share through IISpulls the document from a file share on another server. I continue to get the IIS credentials prompt and process monitor shows this: Operation: Create File Result: Access Denied Path: \\server\ITContent\Active\06\59\65\DTA System Design Access: Generic Read Disposition: Open Options: Attributes: RE ShareMode: Read, Write, Delete AllocationSize: n/a Impersonating: Domain\Username The web server itself is using Integrated Auth only. I have verified that I have full control on the file share as well as the network service which is running the application pool, system, everyone, etc. No matter how i set the permissions i still get this access denied message in process explorer. Can anyone point me in a direction to troubleshoot this thing? Thanks. This is the classic double-hop scenario, and failure for Integrated
Authentication (NTLM protocol) is by-design. Ways to get it to work are: 1. Configure IIS to use Kerberos on the backend and setup Constrained Delegation. If Webserver is IIS5/W2K, you also need to use Kerberos to authenticate to the frontend Web Application. 2. Configure IIS to use Basic authentication. This weakened protocol allows implicit delegation 3. Use Custom Authentication which works like #2 but with proprietary protocol. The reason this fails is simple. Just because a user authenticates to the frontend web application does NOT mean the web application can use that user's credential to contact their bank and withdraw all their money IN THEIR NAME. The user should control who has access to impresonate them, and the bank should be able to control who they trust. //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang Hrocks wrote: Show quoteHide quote > I am accessing a document through a front end web application. The access > pulls the document from a file share on another server. I continue to get the > IIS credentials prompt and process monitor shows this: > > Operation: Create File > Result: Access Denied > Path: \\server\ITContent\Active\06\59\65\DTA System Design > Access: Generic Read > Disposition: Open > Options: > Attributes: RE > ShareMode: Read, Write, Delete > AllocationSize: n/a > Impersonating: Domain\Username > > The web server itself is using Integrated Auth only. I have verified that I > have full control on the file share as well as the network service which is > running the application pool, system, everyone, etc. No matter how i set the > permissions i still get this access denied message in process explorer. Can > anyone point me in a direction to troubleshoot this thing? Thanks. 
Other interesting topics
aspnet_isapi.dll security limit access to all but 1 file
inhability to display http://localhost How do I make a local machine client certificate available to all users? NTLM Authentication on IIS 6.0 access to network file server through web server denied [IIS 5] Homemade cert and SSL Security while publishing an website in Frontpage _Address IIS Access Control Disable serverobject |
|||||||||||||||||||||||
