Re: Impersonation/Delegation - Access files at other server

From: Willy Denoyette [MVP] (willy.denoyette@pandora.be)
Date: 08/23/02 

From: "Willy Denoyette [MVP]" <willy.denoyette@pandora.be>
Date: Fri, 23 Aug 2002 16:12:25 +0200

That's not what I said, you have to trust the MACHINE account for delegation for the server running an instance of IIS, this has to
be done at the Domain Controler using "Active Directory Users and Computers".

Willy.

"Kim Larsen" <nospam@test.test> wrote in message news:78cb01c24a99$435ceb90$9ee62ecf@tkmsftngxa05...
> Hi
>
> I have tried to add the " Enable computer and user
> accounts to be thrusted for delegation" policy to the
> IVAM_computer_name user, but it doesn't seem work.
> I still can't access the files on my fileserver...
>
>
> I you have any other ideas, I would like to hear them.
>
> But anyway, thanks for the help
>
> /Kim
>
>
> >-----Original Message-----
> >Is the IIS machine account enabled for delegation?
> >The ASPNET account should not have the " Enable computer
> and user accounts to be thrusted for delegation", this
> makes no sense as
> >it's not an interactive account.
> >
> >Willy.
> >
> >"Kim Larsen" <nospam@test.test> wrote in message
> news:71f201c249ef$8e2adba0$a4e62ecf@tkmsftngxa06...
> >> Hi
> >>
> >> I have some problems accessing som files on a different
> >> server though my ASP.Net application. My webserver and
> >> fileserver is in the same domain.
> >>
> >> I use Windows Authentication on the IIS 5.0 server,
> >> Anonymous access is turned off.
> >>
> >> I have tried to use impersonation, but it dosen't seem
> to
> >> work.
> >>
> >> I have turned on impersonation in the web.config and
> >> machine.config files.
> >>
> >> e.g:
> >> Web.config:
> >> <identity impersonate="true" />
> >>
> >> Machine.config
> >> <processModel ... comAuthenticationLevel="Connect"
> >> comImpersonationLevel="Impersonate" .../>
> >>
> >> The account i'm logged on as, has the "Account is
> thrusted
> >> for delegation" flag set. The ACL on the fileserver is
> >> set, so the account has access to the files i'm trying
> to
> >> access.
> >>
> >> In the localpolicy settings the ASPNET account is member
> >> of the policy "Enable computer and user accounts to be
> >> thrusted for delegation".
> >>
> >> My application works fine, when I'm accesing it locally
> on
> >> the webserver, but when I try to access the application
> >> from different computers I get the access errors.
> >>
> >> // Error start//
> >>
> >> Access to the path "\\fileserver\test\userlist.txt" is
> >> denied.
> >> Description: An unhandled exception occurred during the
> >> execution of the current web request. Please review the
> >> stack trace for more information about the error and
> where
> >> it originated in the code.
> >>
> >> Exception Details: System.UnauthorizedAccessException:
> >> Access to the path "\\fileserver\test\userlist.txt" is
> >> denied.
> >>
> >> The ASP.NET process is not authorized to access the
> >> requested resource. For security reasons the default
> >> ASP.NET process identity is '{machinename}\ASPNET',
> which
> >> has limited privileges. Consider granting access rights
> to
> >> the resource to the ASP.NET process identity.
> >>
> >> To grant ASP.NET write access to a file, right-click the
> >> file in Explorer, choose "Properties" and select the
> >> Security tab. Click "Add" to add the "{machinename}
> >> \ASPNET" user. Highlight the ASP.NET account, and check
> >> the Write box in the Allow column.
> >>
> >> // Error end
> >>
> >>
> >> Hope you can help me
> >>
> >> Kim Larsen
> >>
> >>
> >>
> >
> >
> >.
> >

Relevant Pages

  • RE: SOME Users cannot access OWA others do, error HTTP 500
    ... I understand that some account access OWA ... IIS 6.0 compression corruption causes access violations ... compressed copy of the affected files on the SBS server: ...
    (microsoft.public.windows.server.sbs)
  • Re: Virtual Directory - Permission Denied with fso CopyFile
    ... TestUser (normal user account with same credentials on all machines). ... I logged into the IIS server as vdirUser and simply typed ... open and I had read and write permissions to the share. ... I logged off and back into the IIS server as the administrator and deleted ...
    (microsoft.public.inetserver.iis)
  • Re: Windows (Trusted) Authentication and SQL Server
    ... I can still run the application when logged in locally to the IIS machine, ... > The account whose credentials are being delegated must be a domain account ... > be marked in Active Directory as trusted for delegation. ... > Server) does not need to be marked as trusted. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Access denied ( From one site to another, that is in another server)
    ... You are running into a delegation issue here. ... remote resources on behalf of the client. ... from a one server to get to another server, the account credentials must be ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Anybody seen this error?
    ... This error is caused when the IIS common files fail when making ADSI calls ... account doesn't have the correct access to the IIS metabase. ... I (Admin) have a separate administrative account with all rights. ... | Active Directory Services cannot find the web server. ...
    (microsoft.public.dotnet.framework.aspnet)