Re: IIS impersonation problems

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 02/18/04 

Date: Wed, 18 Feb 2004 15:08:07 +1100

Are you using Basic or Integrated Windows Authentication?

If the former, then you need to check your permissions settings

If the latter, then IIS never has the user's password - so it can't
impersonate the user directly. It only has a token that doesn't have
permissions to logon to remote resources. So, if you want to use IWA, you
need to use Kerberos and enable delegation in order for IIS to be able to
access remote resources.

Cheers
Ken

"Paul Hillyer" <pwhillyer@hotmail.com> wrote in message
news:CC495F24-C00E-459D-83B6-3F8C10547D96@microsoft.com...
: I have a baisc ASP.Net Application which displays the contents of a given
file structure via a web page using system.io. In Web.config impersonation
is set to true and authentication to windows. On IIS anonymous access is
denied to the application and any virtual directories my application may be
pointing at - some are local and some are remote(connect as property set to
a domain account with relevant access to read file structure). When
accessing the application locally to the server it works fine, when
accessing the application remotely authentication boxes appear and access
denied errors to the remote virtual directories are displayed.
:
: Is there a maximum number of hops impersonation can make? am i missing the
point with impersonation here? any advice would be gratefuly received!!!!

Relevant Pages

  • Re: impersonating a user
    ... > authentication is what determines the context of the thread. ... > applications, IIS will read the HTTP, and when anonymous is selected IIS ... > Local System account (which is the default account for Services that are ... > impersonation and authentication very clearly. ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS Folder and file security. Impersonation does not work.
    ... Custom URL navigation. ... First -- what you want to do does NOT need the impersonation DLL at all. ... Second -- you are muddling HTML and IIS concepts together and hoping for the ... Now, with IIS6, we have a custom authentication sample ISAPI that should ...
    (microsoft.public.inetserver.iis)
  • Re: 401 Unauthorized trying to read SPList Attachment - owssrv.dll
    ... Client-side impersonation isn't one of them. ... NOTHING on the server unless you negotiate HTTP authentication of some sort. ... be called by the first which actually opens the attachment. ... Unauthorized error from IIS on http://localhost/_vti_bin/owssrv.dll. ...
    (microsoft.public.inetserver.iis.security)
  • Re: custom page for user credentials?
    ... custom HTML page to enter username/password, transmit it in some fashion, ... and do the verification on IIS. ... you MUST give at least one impersonation ... the equivalent of Windows Integrated Authentication everywhere. ...
    (microsoft.public.inetserver.iis.security)
  • Re: HELP PLEASE The request failed with HTTP status 401: Access Denied.
    ... Web Security: Part 2: Introducing the Web Application Manager, Client ... Authentication Options, and Process Isolation ... It introduces the Web Application Manager in IIS that ... logon session, which is dangerous. ...
    (microsoft.public.dotnet.framework.aspnet.security)