Re: Win 2003 svr/ASP.NET 2.0 UNC share

what do you type into IE to open the web app?


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Sorry - didn't see the article yesterday :-P

Excellent article - steped through the troubleshooting part
- seems the two servers are negotiating NTLM between them....
- seems the client and webserver also negotiated NTLM
Do you have any ideas on how the SPN should be setup?

The webserver hosting the app is running IIS6 under the "Network
Service"
account and is called web1.mydomain.com
Used LDP to find these SPN's already configured:
servicePrincipalName: SMTPSVC/WEB1; SMTPSVC/STRA-WEB1.mydomain.com;
HOST/WEB1; HOST/WEB1.mydomain.com;
Pretty much the same with the filesharing server only the name is
web2:

Regards,
Roger
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:51eb3048f4a98c95ed3bb39c0a0@xxxxxxxxxxxxxxxxxxxxx

you haven't read the article, did you?

Are you sure your SPNs are setup correctly - are you REALLY using
Kerbers (check the security event log of the web server for logon
events - which authentication package to you see?)

-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Thanks Dominick,

1. The web server is a win2003/iis 6 box - same with the box I've
setup the share on for test purposes - both members of our domain

2. I am impersonating an using a domain account to access the site.

3. The site is setup with "Integrated auth"

4. The DC is running as "Windows 2000 native" at the domain
functional level

5. The webserver hosting the app is setup as "Trust computer for
delagation"

Still doesn't work - what is the last piece of the puzzle -
anyone.....?? :-)

Roger

"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:51eb3048f4808c95ea322af0140@xxxxxxxxxxxxxxxxxxxxx

well - if you are impersonating _and_ acccessing a remote resource
- this is called delegation and works only under specific pre-reqs:

- Kerberos authentication (which implies a domain environment) -
Delegation is set up (which is not the default)

have a look here:

http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/defau
lt .aspx

-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
I do impersonate. Testing with my own account - and it does have
more than sufficient permissions.

"Alexey Smirnov" <alexey.smirnov@xxxxxxxxx> wrote in message
news:1178308306.449322.237080@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx On
May 4, 2:33 pm, "Langedal, Roger" <rogla...@xxxxxxxxxxx> wrote:

I'm trying to setup a simple test on writing to a file on an UNC
share
from
an asp.net 2.0 webpage. This is whats happing in default.aspx:
-----------------------------------------------------------------
--
--
------­-------- Dim path As String = "\\remoteserver\testshare"
Response.Write(User.Identity.Name)
My.Computer.FileSystem.WriteAllText(path & "\myfile.txt", "life's
good", True)
-----------------------------------------------------------------
-- -- ------­--------

impersonation is enabled and windows auth is setup in IIS 6.

1. When I run this on my Vista PC - I'm correctly authenticated
and
the
file
is written perfectly to the remote share.
2. If I move my webapp to a Windows 2003/IIS 6 webserver and
create
a
share
on this server \\mywebserver\testshare everything still works
perfectly
3. But - I if I try to write to a REMOTE share i.e
\\myotherserver\testshare
it fails with "file not found" - no further explanation :-S I've
tried to
scan for activity on the remote servers filesystem with Filemon -
but
it
does'nt even look like it tries to access the share at all....
Permissions
are set to everyone both at NTFS and share permissions at this
share.
ANY ideas guys??
Regards,
Roger
do you use an impersonation or you run the application under
asp.net account?



.

Relevant Pages

  • Re: Win 2003 svr/ASP.NET 2.0 UNC share
    ... Dominick Baier ... Developing More Secure Microsoft ASP.NET 2.0 Applications ... Now I need to setup Kerberos between the web1 and fileserver web2. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: How to hide programs from start menu for TS Users
    ... suite manager will allow you to determine the only ways that the server will ... > hi i have citrix setup on windows 2000, i have publshed applications on ... > is there any way to restrict or hide programs from start menu? ...
    (microsoft.public.windows.server.security)
  • Re: How to setup a headless machine
    ... >>I'm going to setup a third linux box in my room, ... >thought I would also point out that you can run X applications remotely ... >by tunneling them over SSH. ... cannot connect to X server'. ...
    (Fedora)
  • Re: How to setup a headless machine
    ... > I'm going to setup a third linux box in my room, ... thought I would also point out that you can run X applications remotely ... to X server" on the Security tab. ... select "XDMCP Chooser" and then double click the appropriate ...
    (Fedora)
  • To log on to this remote console session, you must have administrative permission on this computer
    ... I setup a server for Thin Clients to connect to and run applications ... on this computer" when trying to log into the server with a Domain User ...
    (microsoft.public.windows.terminal_services)
Loading