Re: IIS 5 looses authenticated user

From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 02/27/04 

Date: Fri, 27 Feb 2004 14:54:07 +0800

What's the ACLs for the upload folder ?
Do a test, grant everyone full control, do you have any problem with the
upload ? if not, it is related to the ACLs settings on that particular
folder.

when you application is runing medium pooled or high isolation, the process
identity will be iwam user. 

-- 
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Dan Ackermann" <dummy@intos.ch> wrote in message
news:e1wLyNF$DHA.2432@TK2MSFTNGP09.phx.gbl...
> Bernhard,
> That's exactly what I'm thinking myself - but the reality shows it's
> different !!!
> We are using NTFS Permissions. (IIS permissions set to allow anonymous,
> & basic auth.)
> In the specific directory anonymous has NTFS read rights and the
> admingroup for this customer NTFS full control.
> Checked with filemon and it's excatly what I'm expected. If it does not
> work I see a Access denied for user anonymous if it works I see User
> <unable to open token> ???
> Well, somthing makes dllhost.exe switch user context just haven't found
> out what it is :-(
>
> Do you have any other idea ??
> TIA
>
> Dan
>
>
>
>
>
> Bernard wrote:
> > if it work, it should work all the time.. not 9 out of 10.
> > are you using IIS authentication ?
> >
> > when accessing content, IIS will first check your IP to see if it's
allow,
> > then authentication if any, then web permission, and finally ntfs
> > permission. through out the process you will have process identity and
> > request identity. process as in the account running application, such as
> > localsystem for inetinfo, iwam for dllhost, and request identity is the
> > thread that actually accessing the content. if anonymous is allowed,
iusr
> > will be the authenticated user token for the content or the
authenticated
> > user if a registered account logged in.
> >
> > you can try filemon (sysinternals.com) to track related access issue to
see
> > what user actually is accessing or writing the content.
> >
>

Relevant Pages

  • Re: Limit some users?
    ... authentication (they do not like running arbitrary binaries on their servers ... I suggest you only allow IIS to serve content from a NTFS partition. ... One way to do this would be to apply NTFS permissions on the web content. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Content Sources based on Audience
    ... If you index file shares and the NTFS permissions do not have read access ... authentication as normal through the file system. ... authenticate if they do not have access to the shared folder though. ...
    (microsoft.public.sharepoint.portalserver)
  • Re: IIS 5 looses authenticated user
    ... We are using NTFS Permissions. ... > are you using IIS authentication? ... > then authentication if any, then web permission, and finally ntfs ...
    (microsoft.public.inetserver.iis.security)
  • Re: FTP control
    ... > I would like to use NTFS security settings to control who ... I would suggest getting a third party FTP server, ... if you set quota and these permissions for that group you can ... Information Server (IIS) Web site, ...
    (microsoft.public.win2000.security)
  • RE: Any way to remove ADMIN$ only?
    ... Mixing the share permissions and the NTFS permissions generally cause ... which means more groups/people access the same shares. ... Along comes another admin that creates a share at a higher level in the ...
    (Focus-Microsoft)