Re: Win 2003 svr/ASP.NET 2.0 UNC share
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 May 2007 10:28:15 +0000 (UTC)
yep. also alternatively try the fully qualified domain name
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Like this? setspn -A CIFS/web2 web2
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:51eb3048f5a38c95f7dba36ddf0@xxxxxxxxxxxxxxxxxxxxx
Hi,
you are welcome ;)
try CIFS and HOST + the name of the machine as you use it in the UNC
path.
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
Hey,
First of all - thanks for you patience and excellent help on this
one Dominick... :-)
I use http://demoapp.mydomain.com
I got kerberos working now between client and webserver by using
setspn -A HTTP/demoapp.mydomain.com web1
Now I need to setup Kerberos between the web1 and fileserver web2.
What service am I supposed to use for setspn on the fileserver?
Roger
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:51eb3048f59e8c95f7427220f70@xxxxxxxxxxxxxxxxxxxxx
what do you type into IE to open the web app?
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
Sorry - didn't see the article yesterday :-P
Excellent article - steped through the troubleshooting part
- seems the two servers are negotiating NTLM between them....
- seems the client and webserver also negotiated NTLM
Do you have any ideas on how the SPN should be setup?
The webserver hosting the app is running IIS6 under the "Network
Service"
account and is called web1.mydomain.com
Used LDP to find these SPN's already configured:
servicePrincipalName: SMTPSVC/WEB1;
SMTPSVC/STRA-WEB1.mydomain.com;
HOST/WEB1; HOST/WEB1.mydomain.com;
Pretty much the same with the filesharing server only the name is
web2:
Regards,
Roger
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote
in message news:51eb3048f4a98c95ed3bb39c0a0@xxxxxxxxxxxxxxxxxxxxx
you haven't read the article, did you?
Are you sure your SPNs are setup correctly - are you REALLY using
Kerbers (check the security event log of the web server for logon
events - which authentication package to you see?)
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
Thanks Dominick,
1. The web server is a win2003/iis 6 box - same with the box
I've setup the share on for test purposes - both members of our
domain
2. I am impersonating an using a domain account to access the
site.
3. The site is setup with "Integrated auth"
4. The DC is running as "Windows 2000 native" at the domain
functional level
5. The webserver hosting the app is setup as "Trust computer
for delagation"
Still doesn't work - what is the last piece of the puzzle -
anyone.....?? :-)
Roger
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:51eb3048f4808c95ea322af0140@xxxxxxxxxxxxxxxxxxxxx
well - if you are impersonating _and_ acccessing a remote
resource - this is called delegation and works only under
specific pre-reqs:
- Kerberos authentication (which implies a domain environment)
- Delegation is set up (which is not the default)
have a look here:
http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/d
ef au lt .aspx
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
I do impersonate. Testing with my own account - and it does
have more than sufficient permissions.
"Alexey Smirnov" <alexey.smirnov@xxxxxxxxx> wrote in message
news:1178308306.449322.237080@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On May 4, 2:33 pm, "Langedal, Roger" <rogla...@xxxxxxxxxxx>
wrote:
I'm trying to setup a simple test on writing to a file on ando you use an impersonation or you run the application under
UNC
share
from
an asp.net 2.0 webpage. This is whats happing in
default.aspx:
-------------------------------------------------------------
--
--
--
--
-------------- Dim path As String =
"\\remoteserver\testshare"
Response.Write(User.Identity.Name)
My.Computer.FileSystem.WriteAllText(path & "\myfile.txt",
"life's
good", True)
-------------------------------------------------------------
--
--
-- -- --------------
impersonation is enabled and windows auth is setup in IIS 6.
1. When I run this on my Vista PC - I'm correctly
authenticated
and
the
file
is written perfectly to the remote share.
2. If I move my webapp to a Windows 2003/IIS 6 webserver and
create
a
share
on this server \\mywebserver\testshare everything still works
perfectly
3. But - I if I try to write to a REMOTE share i.e
\\myotherserver\testshare
it fails with "file not found" - no further explanation :-S
I've
tried to
scan for activity on the remote servers filesystem with
Filemon
-
but
it
does'nt even look like it tries to access the share at
all....
Permissions
are set to everyone both at NTFS and share permissions at
this
share.
ANY ideas guys??
Regards,
Roger
asp.net account?
.
- References:
- Re: Win 2003 svr/ASP.NET 2.0 UNC share
- From: Langedal, Roger
- Re: Win 2003 svr/ASP.NET 2.0 UNC share
- Prev by Date: Re: Win 2003 svr/ASP.NET 2.0 UNC share
- Next by Date: Re: Win 2003 svr/ASP.NET 2.0 UNC share
- Previous by thread: Re: Win 2003 svr/ASP.NET 2.0 UNC share
- Next by thread: Re: Win 2003 svr/ASP.NET 2.0 UNC share
- Index(es):
Relevant Pages
|
