Re: Upload Files onto a Remote Server

From: Lara (anonymous_at_discussions.microsoft.com)
Date: 02/20/04 

Date: Fri, 20 Feb 2004 09:06:55 -0800

Thank you so much, David!!! I will struggle a bit
longer. :)

>-----Original Message-----
>I do not have any advice specific to "OpenWiki"
nor "ABCUpload", but it is
>quite irrelevant since they are merely code that must
obey the same
>rules/reasonings in the following URL:
>http://www.microsoft.com/technet/prodtechnol/windowsserve
r2003/deploy/confeat/RemStorg.asp
>
>This is what you must decide:
>Are all users going to write to the remote server as one
single user or
>individual user. That is, do you want "Pass-Thru"
authentication where the
>remote user, authenticated, writes as him/her self to
the remote server
>using the same identity, or does everyone get mapped to
one UNCUser identity
>which alone has the ability to write to the remote
server.
>
>How to configure is described in the aforementioned URL.
>
>Based on what you are saying, you seem to want anyone to
be able to use
>ABCUpload to upload to a remote server, but without
authenticating. This
>suggests that you do NOT want "Pass-Thru"
authentication. You should be
>able to accomplish this by turning off all
authentication, enabling only
>Anonymous authentication, make sure the anonymous
username/password is
>synchronized in the IIS Manager UI, the local SAM
database, and the remote
>server's SAM database. Finally, give this user write
permissions on the
>Remote Server's NTFS filesystem as well as full
permissions on the UNC
>Share.
>
>This maps all anonymous requests to be executed by this
synchronized
>identity, which can write to the remote server's NTFS
filesystem via the UNC
>share, completely authenticated without any external
dialog boxes. How you
>latch onto this with a 3rd party component -- that's for
you to figure out,
>using their documentation...
>
>--
>//David
>IIS
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>//
>"Lara" <anonymous@discussions.microsoft.com> wrote in
message
>news:c05701c3ed0f$58b89510$a401280a@phx.gbl...
>Thank you, David and Desmond.
>
>Actually, I am using OpenWiki (web bulletin board kind of
>tool) with an uploading component, called ABCUpload. So,
>under "OpenWiki" virtual directory, I have another one
>called "Attachment".
>
>I have no problem going into OpenWiki, but when I try
>uploading, it fails with a permission error.
>
>The only time it works is when I set the security
>at "OpenWiki" virtual directory level with any user with
>no password, not allowing IIS to control password, and
>enable Basic Authentication. BUT, not without asking to
>login to OpenWiki page everytime.
>
>Do you have any advice or suggestion??
>
>Lara
>P.S. Thanks for your help!
>
>
>>-----Original Message-----
>>>Is there a way to use "Basic Authentication" and yet
>>>enabling single sign-on for the users?
>>
>>Sure. Just enable Basic authentication on IIS and most
>browsers should
>>automagically do it.
>>
>>Single-Sign-On is largely a client-side phenomenon with
>server-side
>>cooperation. With properly configured web browsers, any
>of the
>>authentications supported by IIS and the browser require
>at MOST one user
>>sign-on. By default, IE and Netscape will allow single-
>sign-on using Basic
>>authentication.
>>
>>The way a browser enables Single-Sign-On with Basic
>authentication is to
>>send the base64 encoding of username:password on every
>request to the
>>server. This essentially "pre-authenticates" every one
>of those requests
>>(recall that the HTTP protocol used by web browsers is
>STATELESS while
>>Single-Sign-On is all about maintain some type of user
>session in the form
>>of STATE... and over a stateless protocol like HTTP).
>>
>>Now, since Basic authentication is essential clear-text,
>browsers do not
>>like to freely "pre-authenticate" when crossing websites
>so security
>>reasons.
>>
>>--
>>//David
>>IIS
>>This posting is provided "AS IS" with no warranties, and
>confers no rights.
>>//
>>"Lara" <anonymous@discussions.microsoft.com> wrote in
>message
>>news:b30901c3ec49$f43026f0$a001280a@phx.gbl...
>>When uploading a file onto a remote server on our
>>intranet, it errors as "permission denied". (We are
>>using a component called, ABCUpload.) It only works
>>when "Allow IIS to control password" is not checked.
>>That means I can't use IUSR. But I need to know who
>>logged in. I could use "Basic Authentication", but that
>>means all users have to log-in every single time.
>>
>>Is there a way to use "Basic Authentication" and yet
>>enabling single sign-on for the users?
>>
>>Any suggestion, direction, support helps. :)
>>Thanks!!
>>
>>
>>.
>>
>
>
>.
>

Relevant Pages

  • Re: IE7 and Companyweb Authentication
    ... take an in-depth look at how my remote users login. ... This was what caused the problem with IE7 ... wants to have users authenticate using Basic Authentication which allows ...
    (microsoft.public.windows.server.sbs)
  • Re: Application pool with domain account & anonymous access disabled
    ... Web server must use the remote user's identity to access network ... authentication protocol so that IIS forces authentication (though the choice ... The issue is called "delegation", ...
    (microsoft.public.inetserver.iis)
  • Re: Getting seteuid/setegid functionality out of Windows
    ... the web client supplies to the web server ... via some password-request via SSL, or, in a pure Windows Authentication ... on a remote machine. ...
    (microsoft.public.win32.programmer.kernel)
  • "Local" and "Remote" considered insufficient
    ... These types of discrepancies in terminology happen fairly often. ... to include the amount of "authentication" required, ... vs. remote terminology for a while. ... When an FTP bug is exploitable by "authenticated" users, ...
    (Bugtraq)
  • "Local" and "Remote" considered insufficient
    ... These types of discrepancies in terminology happen fairly often. ... to include the amount of "authentication" required, ... vs. remote terminology for a while. ... When an FTP bug is exploitable by "authenticated" users, ...
    (Vuln-Dev)