Re: Troubleshoot Security Issues

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 03/26/04

  • Next message: [MSFT]: "RE: C#: How do I orce a server to refresh its list of security groups from an Active Directory." 
    Date: Fri, 26 Mar 2004 13:44:34 +1100

    a) You can put a trace on the network -or- you can dump out all the values
    in the Request.ServerVariables() collection. If you see something like
    Auth_Type: Negotiate, then Kerberos was used. If you see something like
    Auth_Type: NTLM then NTLM was used.

    b) Is ASP.Net impersonating correctly? If you have <identity
    impersonate="true"> and set authentication to Windows then it should
    impersonate.

    c) Is delegation working correctly? I don't know. Why don't you tell us what
    you've done, and what's happening?

    Cheers
    Ken

    "Raterus" <raterus@localhost> wrote in message
    news:e$f2whqEEHA.3576@tk2msftngp13.phx.gbl...
    : What is the easiest way to troubleshoot security issues?
    :
    : I'm trying to set up a delegation secnario, which I wrote an question
    about
    : yesterday. Something isn't working in it, but I feel kind of helpless to
    : even know if what I think I set up is actually what is happening in the
    : background. For instance, i'm trying to get my asp.net application to
    : delegate to another computer to be able to access files on a network
    share.
    : How do I really know my browser is authenticating with Kerberos?, Is
    asp.net
    : impersonating correctly, when it accesses this network share, is
    delegation
    : working correctly?. Lots of issues like this, what is the best way to
    look
    : at this information?
    :
    :

  • Next message: [MSFT]: "RE: C#: How do I orce a server to refresh its list of security groups from an Active Directory."

    Relevant Pages

    • Re: access to network file server through web server denied
      ... Before I check with the network team to ... see whether the network has been configured with "Delegation", ... On our local developer's web server (It can be IIS 5 on Windows XP ...
      (microsoft.public.inetserver.iis.security)
    • Re: LsaLogonUser - access to network resources
      ... target services must be specified. ... setting in AD U&C and you must configure constrained delegation. ... > and I managed to get access to the same network resources using ... > logon on that machine (Ctrl-Ald-Del and logon as domain user with the same ...
      (microsoft.public.platformsdk.security)
    • Re: Listing files on network share
      ... If delegation isn't working in your environment, ... One solution is to run the ASPNET worker process under a domain ... network hop. ... >a network shre be displayed on the site. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: impersonate/delegate problem
      ... you don't have delegation so I'm not sure if you have ... > webserver from within AD users and computers) to pass the ... > on our production network. ... > request process from ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Event log shows NTLM not Kerberos
      ... so this is for a network login. ... Authentication Package: NTLM ... Authentication Package NTLM not Kerberos? ...
      (microsoft.public.security)