Re: Impersonation/Delegation - Access files at other server

From: Willy Denoyette [MVP] (willy.denoyette@pandora.be)
Date: 08/22/02


From: "Willy Denoyette [MVP]" <willy.denoyette@pandora.be>
Date: Thu, 22 Aug 2002 18:28:34 +0200


Is the IIS machine account enabled for delegation?
The ASPNET account should not have the "Enable computer and user accounts to be trusted for delegation", this makes no sense as
it's not an interactive account.

Willy.

"Kim Larsen" <nospam@test.test> wrote in message news:71f201c249ef$8e2adba0$a4e62ecf@tkmsftngxa06...
> Hi
>
> I have some problems accessing some files on a different
> server through my ASP.Net application. My webserver and
> fileserver are in the same domain.
>
> I use Windows Authentication on the IIS 5.0 server,
> Anonymous access is turned off.
>
> I have tried to use impersonation, but it doesn't seem to
> work.
>
> I have turned on impersonation in the web.config and
> machine.config files.
>
> e.g:
> Web.config:
> <identity impersonate="true" />
>
> Machine.config
> <processModel ... comAuthenticationLevel="Connect"
> comImpersonationLevel="Impersonate" .../>
>
> The account I'm logged on as has the "Account is trusted
> for delegation" flag set. The ACL on the fileserver is
> set, so the account has access to the files I'm trying to
> access.
>
> In the local policy settings the ASPNET account is a member
> of the policy "Enable computer and user accounts to be
> trusted for delegation".
>
> My application works fine when I'm accessing it locally on
> the webserver, but when I try to access the application
> from different computers I get the access errors.
>
> // Error start//
>
> Access to the path "\\fileserver\test\userlist.txt" is
> denied.
> Description: An unhandled exception occurred during the
> execution of the current web request. Please review the
> stack trace for more information about the error and where
> it originated in the code.
>
> Exception Details: System.UnauthorizedAccessException:
> Access to the path "\\fileserver\test\userlist.txt" is
> denied.
>
> The ASP.NET process is not authorized to access the
> requested resource. For security reasons the default
> ASP.NET process identity is '{machinename}\ASPNET', which
> has limited privileges. Consider granting access rights to
> the resource to the ASP.NET process identity.
>
> To grant ASP.NET write access to a file, right-click the
> file in Explorer, choose "Properties" and select the
> Security tab. Click "Add" to add the "{machinename}
> \ASPNET" user. Highlight the ASP.NET account, and check
> the Write box in the Allow column.
>
> // Error end
>
>
> Hope you can help me
>
> Kim Larsen
>
>
>
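
The check Willy asks about can be made from the `userAccountControl` attribute of the accounts involved. The following is an added example, not code from either poster: it decodes that attribute and reports which delegation precondition is missing. The sample values and function names are constructed for illustration, and it assumes the web server authenticates to the file server as its machine account; it does not check other prerequisites such as whether Kerberos was actually negotiated.

```python
"""Evaluate userAccountControl values for the delegation preconditions
raised in this thread. All sample values below are constructed."""

# Documented userAccountControl bits relevant to delegation
ACCOUNTDISABLE = 0x00000002
NORMAL_ACCOUNT = 0x00000200
WORKSTATION_TRUST_ACCOUNT = 0x00001000   # domain member machine account
TRUSTED_FOR_DELEGATION = 0x00080000      # "trusted for delegation"
NOT_DELEGATED = 0x00100000               # "sensitive and cannot be delegated"

UAC_FLAGS = {
    ACCOUNTDISABLE: "ACCOUNTDISABLE",
    NORMAL_ACCOUNT: "NORMAL_ACCOUNT",
    WORKSTATION_TRUST_ACCOUNT: "WORKSTATION_TRUST_ACCOUNT",
    TRUSTED_FOR_DELEGATION: "TRUSTED_FOR_DELEGATION",
    NOT_DELEGATED: "NOT_DELEGATED",
}

def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def delegation_findings(server_uac, user_uac):
    """List the reasons the web server cannot forward the user's identity
    to a second server. An empty list means both flag checks pass."""
    findings = []
    if not server_uac & TRUSTED_FOR_DELEGATION:
        findings.append("web server account is not trusted for delegation")
    if user_uac & NOT_DELEGATED:
        findings.append("user account is marked sensitive and cannot be delegated")
    for label, uac in (("web server", server_uac), ("user", user_uac)):
        if uac & ACCOUNTDISABLE:
            findings.append(f"{label} account is disabled")
    return findings

# Constructed samples (not taken from the thread)
WEB_SERVER_DEFAULT = WORKSTATION_TRUST_ACCOUNT
WEB_SERVER_TRUSTED = WORKSTATION_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION
USER_NORMAL = NORMAL_ACCOUNT
USER_TRUSTED = NORMAL_ACCOUNT | TRUSTED_FOR_DELEGATION   # flag set on the user only
USER_SENSITIVE = NORMAL_ACCOUNT | NOT_DELEGATED

if __name__ == "__main__":
    for name, (srv, usr) in {
        "flag on user only": (WEB_SERVER_DEFAULT, USER_TRUSTED),
        "flag on web server": (WEB_SERVER_TRUSTED, USER_NORMAL),
        "sensitive user": (WEB_SERVER_TRUSTED, USER_SENSITIVE),
    }.items():
        print(name, decode_uac(srv), decode_uac(usr), delegation_findings(srv, usr) or "ok")
```

Setting the trusted-for-delegation flag on the logged-on user's account does not change the first finding; the flag is evaluated on the account of the server that forwards the identity.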


