Re: integrated login and folder permissions

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 10/13/05

    Date: Thu, 13 Oct 2005 13:55:32 -0700
    
    

    Hello Paul,

    The FileAuthorizationModule, which does the access checking for disk files
    (when <authentication mode="Windows" /> is set), uses the Windows token that
    resulted in IIS integrated authentication. Turning impersonation on for this
    to work is NOT required.

    The domain users need at least read privileges for the files that should
    be accessible to them.

    Another option is to set resource permissions in web.config by using an <authorization>
    element.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > On 13 Oct 2005 09:07:35 -0700, fuzzyreality@gmail.com wrote:
    >
    > ¤ I am running an ASP.NET site with IIS 6.0. I have integrated login
    > ¤ turned on and it works fine for all our users. However, I am trying to
    > ¤ prevent all but specific groups of users from having access to specific
    > ¤ folders on the website.
    > ¤ I tried doing this by setting the permissions on the folders to no
    > ¤ avail. I read that I may have to turn on impersonation, so I set that
    > ¤ to true, but did not specify an account. Still no luck.
    > ¤ Am I missing something here?
    > Well yes if you're limiting access to specific users you need to
    > enable impersonation so that NTLM can validate credentials per user
    > for your file resources. You should then be able to enable group level
    > security at the folder level by setting the appropriate access for
    > those folders. I'm assuming at this point that these folders are local
    > to the web server.
    >
    > Paul
    > ~~~~
    > Microsoft MVP (Visual Basic)
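
The `<authorization>` option mentioned in the reply above, sketched as an added example that is not part of the original thread. The folder name `Reports` and the group `CONTOSO\ReportViewers` are assumed placeholders.

```xml
<!-- Added example: web.config in the application root.
     "Reports" and CONTOSO\ReportViewers are assumed placeholder names. -->
<configuration>
  <system.web>
    <!-- IIS integrated authentication supplies the Windows identity;
         no <identity impersonate="true" /> is needed for these checks. -->
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />   <!-- site-wide: reject anonymous requests -->
    </authorization>
  </system.web>

  <!-- Weak form, shown for contrast: an <allow> with no <deny> after it.
       Rules are evaluated top to bottom and the first match wins. Users
       outside the group match nothing here, fall through to the inherited
       <allow users="*" /> default, and still get in.
  <location path="Reports">
    <system.web>
      <authorization>
        <allow roles="CONTOSO\ReportViewers" />
      </authorization>
    </system.web>
  </location>
  -->

  <!-- Restricting form: allow the group, then deny everyone else. -->
  <location path="Reports">
    <system.web>
      <authorization>
        <allow roles="CONTOSO\ReportViewers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

On IIS 6.0 these rules apply only to requests that ASP.NET handles (for example `.aspx`). Static files in the folder are still governed by their NTFS permissions unless their extensions are mapped to ASP.NET.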

