Re: Impersonation/Delegation - Access files at other server
From: Kim Larsen (nospam@test.test)
Date: 08/23/02
- Next message: Ion: "Re: Impersonate and shared hosting"
- Previous message: Ronny Engen: "RSA?!"
- In reply to: Willy Denoyette [MVP]: "Re: Impersonation/Delegation - Access files at other server"
- Next in thread: Willy Denoyette [MVP]: "Re: Impersonation/Delegation - Access files at other server"
- Reply: Willy Denoyette [MVP]: "Re: Impersonation/Delegation - Access files at other server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Kim Larsen" <nospam@test.test> Date: Fri, 23 Aug 2002 04:36:04 -0700
Hi
I have tried to add the " Enable computer and user
accounts to be thrusted for delegation" policy to the
IVAM_computer_name user, but it doesn't seem work.
I still can't access the files on my fileserver...
I you have any other ideas, I would like to hear them.
But anyway, thanks for the help
/Kim
>-----Original Message-----
>Is the IIS machine account enabled for delegation?
>The ASPNET account should not have the " Enable computer
and user accounts to be thrusted for delegation", this
makes no sense as
>it's not an interactive account.
>
>Willy.
>
>"Kim Larsen" <nospam@test.test> wrote in message
news:71f201c249ef$8e2adba0$a4e62ecf@tkmsftngxa06...
>> Hi
>>
>> I have some problems accessing som files on a different
>> server though my ASP.Net application. My webserver and
>> fileserver is in the same domain.
>>
>> I use Windows Authentication on the IIS 5.0 server,
>> Anonymous access is turned off.
>>
>> I have tried to use impersonation, but it dosen't seem
to
>> work.
>>
>> I have turned on impersonation in the web.config and
>> machine.config files.
>>
>> e.g:
>> Web.config:
>> <identity impersonate="true" />
>>
>> Machine.config
>> <processModel ... comAuthenticationLevel="Connect"
>> comImpersonationLevel="Impersonate" .../>
>>
>> The account i'm logged on as, has the "Account is
thrusted
>> for delegation" flag set. The ACL on the fileserver is
>> set, so the account has access to the files i'm trying
to
>> access.
>>
>> In the localpolicy settings the ASPNET account is member
>> of the policy "Enable computer and user accounts to be
>> thrusted for delegation".
>>
>> My application works fine, when I'm accesing it locally
on
>> the webserver, but when I try to access the application
>> from different computers I get the access errors.
>>
>> // Error start//
>>
>> Access to the path "\\fileserver\test\userlist.txt" is
>> denied.
>> Description: An unhandled exception occurred during the
>> execution of the current web request. Please review the
>> stack trace for more information about the error and
where
>> it originated in the code.
>>
>> Exception Details: System.UnauthorizedAccessException:
>> Access to the path "\\fileserver\test\userlist.txt" is
>> denied.
>>
>> The ASP.NET process is not authorized to access the
>> requested resource. For security reasons the default
>> ASP.NET process identity is '{machinename}\ASPNET',
which
>> has limited privileges. Consider granting access rights
to
>> the resource to the ASP.NET process identity.
>>
>> To grant ASP.NET write access to a file, right-click the
>> file in Explorer, choose "Properties" and select the
>> Security tab. Click "Add" to add the "{machinename}
>> \ASPNET" user. Highlight the ASP.NET account, and check
>> the Write box in the Allow column.
>>
>> // Error end
>>
>>
>> Hope you can help me
>>
>> Kim Larsen
>>
>>
>>
>
>
>.
>
- Next message: Ion: "Re: Impersonate and shared hosting"
- Previous message: Ronny Engen: "RSA?!"
- In reply to: Willy Denoyette [MVP]: "Re: Impersonation/Delegation - Access files at other server"
- Next in thread: Willy Denoyette [MVP]: "Re: Impersonation/Delegation - Access files at other server"
- Reply: Willy Denoyette [MVP]: "Re: Impersonation/Delegation - Access files at other server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
