Re: IIS 5 looses authenticated user

From: Dan Ackermann (dummy_at_intos.ch)
Date: 02/26/04

  • Next message: John H: "Win 2K3, IIS6.0 Config" 
    Date: Thu, 26 Feb 2004 11:29:39 +0100

    Bernhard,
    That's exactly what I'm thinking myself - but the reality shows it's
    different !!!
    We are using NTFS Permissions. (IIS permissions set to allow anonymous,
    & basic auth.)
    In the specific directory anonymous has NTFS read rights and the
    admingroup for this customer NTFS full control.
    Checked with filemon and it's excatly what I'm expected. If it does not
    work I see a Access denied for user anonymous if it works I see User
    <unable to open token> ???
    Well, somthing makes dllhost.exe switch user context just haven't found
    out what it is :-(

    Do you have any other idea ??
    TIA

    Dan

    Bernard wrote:
    > if it work, it should work all the time.. not 9 out of 10.
    > are you using IIS authentication ?
    >
    > when accessing content, IIS will first check your IP to see if it's allow,
    > then authentication if any, then web permission, and finally ntfs
    > permission. through out the process you will have process identity and
    > request identity. process as in the account running application, such as
    > localsystem for inetinfo, iwam for dllhost, and request identity is the
    > thread that actually accessing the content. if anonymous is allowed, iusr
    > will be the authenticated user token for the content or the authenticated
    > user if a registered account logged in.
    >
    > you can try filemon (sysinternals.com) to track related access issue to see
    > what user actually is accessing or writing the content.
    >

  • Next message: John H: "Win 2K3, IIS6.0 Config"

    Relevant Pages

    • Re: FTP control
      ... > I would like to use NTFS security settings to control who ... I would suggest getting a third party FTP server, ... if you set quota and these permissions for that group you can ... Information Server (IIS) Web site, ...
      (microsoft.public.win2000.security)
    • Re: IIS 5 looses authenticated user
      ... > We are using NTFS Permissions. ... >> then authentication if any, then web permission, and finally ntfs ... >> localsystem for inetinfo, iwam for dllhost, and request identity is the ...
      (microsoft.public.inetserver.iis.security)
    • Re: Integrated Authentication - one way cross forest trust
      ... You must set the permissions in IIS and on the folder you are ... > and is in the trusted domain) we are unable to get past the authentication ... this would lead me to believe it is specific to IIS. ... > Logon Failure: ...
      (microsoft.public.inetserver.iis)
    • Re: Limit some users?
      ... authentication (they do not like running arbitrary binaries on their servers ... I suggest you only allow IIS to serve content from a NTFS partition. ... One way to do this would be to apply NTFS permissions on the web content. ...
      (microsoft.public.inetserver.iis.security)
    • Re: Help using impersonation - permission problems.
      ... if you use identity impersonate with nt authentication, permissions are only good on the iis server. ... My IIS is set to use Windows NT ...
      (microsoft.public.dotnet.framework.aspnet)