Re: Impersonation and accessing Windows file share
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 31 Mar 2006 12:52:12 -0600
My understanding is that this is correct. However, in this case she was
calling LogonUser explicitly to use a service account to access the file
share. From what I can tell by the docs, you can't use LOGON_NETWORK for
that type of logon as it doesn't cache credentials.
I'm not actually sure what happens when you do Kerberos auth with IWA,
except that I assume that IIS calls AcceptSecurityContext instead of
LogonUser and something different happens under the hood. I really don't
know what the mechanics of those differences are.
In any event, it seems to have worked... :)
Joe K.
"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be631992128c82307beee8adb@xxxxxxxxxxxxxxxxxxxxx
correct me if i am wrong - but when delegation is configured, NETWORK
logons do have network credentials ??!
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I think I see your problem. You are using LOGON32_LOGON_NETWORK, but
if you read the docs for LogonUser in MSDN carefully, you'll see that
this type of logon doesn't have network credentials. You probably
should switch to LOGON32_LOGON_NETWORK_CLEARTEXT.
Joe K.
.
- References:
- Re: Impersonation and accessing Windows file share
- From: Joe Kaplan \(MVP - ADSI\)
- Re: Impersonation and accessing Windows file share
- From: Dominick Baier [DevelopMentor]
- Re: Impersonation and accessing Windows file share
- Prev by Date: Re: Impersonation and accessing Windows file share
- Previous by thread: Re: Impersonation and accessing Windows file share
- Next by thread: Re: Impersonation and accessing Windows file share
- Index(es):
Relevant Pages
|
|
