RE: UNC file share and NTLM user identity
From: Bassel Tabbara [MSFT] (basselt@online.microsoft.com)
Date: 04/07/03
From: basselt@online.microsoft.com ("Bassel Tabbara [MSFT]") Date: Mon, 07 Apr 2003 05:16:41 GMT
Hello Michael,
I will do more research on this and will provide you with a viable solution.
Thanks,
Bassel Tabbara
Microsoft, ASP.NET
This posting is provided "AS IS", with no warranties, and confers no rights.
--------------------
| From: "Michael Leung" <kmleung@hec.com.hk>
| Subject: UNC file share and NTLM user identity
| Date: Sun, 6 Apr 2003 06:20:43 -0700
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
|
| Hi,
|
| I have used a wrong email address. This one belongs to my
| MSDN subscription. I do a re-post.
|
| All machines are in the same domain (AOL_DEV). I have a
| W2KAS running IIS having two web sites. port 80 points to
| c:\inetpub\wwwroot and port 81 points to
| \\192.168.8.1\fileshare\wwwroot\
|
| In both port 80 & 81, I have the following ASP page
| statement
| Welcomes <%=Request.ServerVariables("REMOTE_USER")%>
| It works fine. I get "Welcomes AOL_DEV\dcs4585"
|
| I followed Microsoft's document
| "http://msdn.microsoft.com/library/en-us/dnbda/html/authaspdotnet.asp"
| to create a domain
| account for .NET Process model in machine.config and
| impersonation in WEB.config. I granted that account TCB
| privilege. I used the local administration account for IIS
| UNC Token to create the WEB site.
|
| In both port 80 and 81, I have the following ASP.NET
| statements.
|
| Response.Write("You are : " + Context.User.Identity.Name.ToString() + "<BR>");
| Response.Write("Page run as : " + System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString() + "<BR>");
| Response.Write("Root is : " + Request.PhysicalApplicationPath.ToString() + "<BR>");
|
| In Port 80, I get the following response:-
| You are : AOL_DEV\dcs4585
| Page run as : AOL_DEV\dcszcluster
| Root is : c:\inetpub\wwwroot\
|
| Unluckily in Port 81, I get the following response:-
| You are : DCSCS5\Administrator
| Page run as : AOL_DEV\dcszcluster
| Root is : \\192.168.8.1\fileshare\wwwroot\
|
| Questions?????
| The whole purpose of impersonation is to keep the original
| authenticated user's identity while executing in another
| user's privileges. The response from port 80 (without UNC
| file share) is correct but that from port 81 (with UNC
| file share) is not. I believe it is a bug.
|
| Imagine you have 20 NLBs for load balancing. Is it better
| to deploy the .NET application to one single UNC directory
| rather than to deploy it to 20 local machines?
|
| Michael Leung
|
|
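
The identity comparison from the quoted post, turned into a check that fails closed. This is an added example, not code from the thread or from Microsoft. It assumes IIS Integrated Windows authentication and that the LOGON_USER server variable still carries the account IIS authenticated, as REMOTE_USER did in the classic ASP test above. The handler name IdentityCheckHandler and its mapping to a URL are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Security.Principal;
using System.Text;
using System.Web;

// Added example: diagnostic handler to map to a URL on each site (port 80 and 81).
public class IdentityCheckHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    // True when both names are present and name the same DOMAIN\user
    // (Windows account names compare case-insensitively).
    public static bool SameAccount(string a, string b)
    {
        if (a == null || b == null) return false;
        a = a.Trim(); b = b.Trim();
        return a.Length > 0 &&
               String.Compare(a, b, true, CultureInfo.InvariantCulture) == 0;
    }

    public void ProcessRequest(HttpContext ctx)
    {
        HttpRequest req = ctx.Request;
        // Assumption: LOGON_USER holds the account IIS authenticated.
        string iisUser = req.ServerVariables["LOGON_USER"];
        string aspnetUser = ctx.User != null ? ctx.User.Identity.Name : null;
        string runAs = WindowsIdentity.GetCurrent().Name;

        StringBuilder sb = new StringBuilder();
        sb.AppendFormat("AUTH_TYPE    : {0}\r\n", req.ServerVariables["AUTH_TYPE"]);
        sb.AppendFormat("LOGON_USER   : {0}\r\n", iisUser);
        sb.AppendFormat("Context.User : {0}\r\n", aspnetUser);
        sb.AppendFormat("Code runs as : {0}\r\n", runAs);
        sb.AppendFormat("Root         : {0}\r\n", req.PhysicalApplicationPath);

        ctx.Response.ContentType = "text/plain";
        if (!SameAccount(iisUser, aspnetUser))
        {
            // Fail closed: role or ACL decisions based on Context.User would be
            // made for the wrong account (the port 81 result in the post).
            ctx.Response.StatusCode = 403;
            sb.Append("MISMATCH: Context.User is not the authenticated caller\r\n");
        }
        ctx.Response.Write(sb.ToString());
    }
}
```

Under that assumption, a site behaving like the port 81 case would return 403 with the mismatch line, while the port 80 case would return the report with status 200.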