Re: to access nt auth. required folders
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 01/14/04
- Next message: David Wang [Msft]: "Re: Delay in posting change to html page after uploading via ftp."
- Previous message: Bernard: "Re: Clean up CertSrv"
- In reply to: Yu Chai: "Re: to access nt auth. required folders"
- Next in thread: anonymous_at_discussions.microsoft.com: "Re: to access nt auth. required folders"
- Reply: anonymous_at_discussions.microsoft.com: "Re: to access nt auth. required folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 13 Jan 2004 20:40:13 -0800
Getting back to your original question -- do you intend to have multiple or
single user accessing the folder that needs higher security?
In otherwords, there is a mapping between the remote user and the
authenticated user on the webserver that is actually performing the access
against the folder. Is the mapping 1-to-1 or many-to-1 ?
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "Yu Chai" <yipchunyu@pcihl.com> wrote in message news:0a4301c3d9ab$9e1a13d0$a301280a@phx.gbl... David, thx for your tips. However, I don't know how to write ISAPI. Any readings can u suggested? >-----Original Message----- >If the User does not key in the user ID and password, how is the user going >to authenticate himself to your server? > >If you use a custom authentication format, you will likely need to write a >custom ISAPI Filter to do this. > >LogonUser does not work on the web server because the web server explicitly >logs on and impersonates a user (depending on authentication settings of the >URL) prior to processing the request, intentionally stripping any token you >may have attempted to set via LogonUser. You must convince and change the >user in the web server to do what you want (and that's where the ISAPI >Filter comes in). > >-- >//David >IIS >This posting is provided "AS IS" with no warranties, and confers no rights. >// >"yipchunyu@pcihl.com" <anonymous@discussions.microsoft.com> wrote in message >news:023b01c3d8a4$e2d21200$a101280a@phx.gbl... >Hi guys, >I am working for an asp app with the use of sql 2000, >COM+ and iis 5.0. >In part of the solution, some files (lotus notes related) >will put in a folder that need a higher security and so I >only granted the right for certain NT auth. user to >access. >I need a method to let the user access the folder's files >but don't prompt them to key in the user id and password. > >I tried a method sth like >http://userid:password@webpage.asp >I works but the page's cache and properties display the >password in plain text. So, it don't acceptable in my >case. > >I tried some other thing like "How to: impersonate a user >from active server page" (Q248187) listed in the >knowledge base. it use the function LogonUser >Lib "advapi32.dll". However, it doesn't work in the web >server (it works on my local pc). I guess it may simply >because my web site doesn't join any domain. > >So, any other method can i try? Look forward to hear all >your kindly suggestions. > > >. >
- Next message: David Wang [Msft]: "Re: Delay in posting change to html page after uploading via ftp."
- Previous message: Bernard: "Re: Clean up CertSrv"
- In reply to: Yu Chai: "Re: to access nt auth. required folders"
- Next in thread: anonymous_at_discussions.microsoft.com: "Re: to access nt auth. required folders"
- Reply: anonymous_at_discussions.microsoft.com: "Re: to access nt auth. required folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
