Re: file security/authentication



"Carl Hilton" <someone@xxxxxxxxxxxxx> wrote in message
news:%23TOWVZRmGHA.4696@xxxxxxxxxxxxxxxxxxxxxxx
I have granted permissions to this file to domain users. I had thought
that if ANONYMOUS access is turned off in IIS for an object and I
authenticated using INTEGRATED WINDOWS AUTHENTICATION, then the user's
credentials would be passed to the object prior to access.


Well, they are, so to speak . . . access to the object is checked
against the token of the process thread that is attempting access.
Upon the access failure by IUsr there should be an attempt to get
credentials that will allow, which may cause a login prompt at the client
if IE is not configured to do this under the covers.

You said you see in the logs a failure for IUsr, but you have not
stated what it is that does happen (save indicating it does not
work as hoped).


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:eE3PNA1lGHA.3732@xxxxxxxxxxxxxxxxxxxxxxx
OK, so I must be missing something, or just do not get
what "vice the actual user . . . " means.
So, what you have done is not effecting what you want?
You did ACL the restricted part with a grant to the account(s)
that should have access? Ideally this is with a group from
the domain that is also either in the IIS's Users group or is
granted network logon user right.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Carl Hilton" <someone@xxxxxxxxxxxxx> wrote in message
news:ewSAGBvlGHA.3588@xxxxxxxxxxxxxxxxxxxxxxx
OK, I thought I had tackled this before a while ago but forgot what I
did...

I am running IIS6 on a W2K3 server. For most of my site I have Anonymous
access authorized. I have one file that I want to use the local system
ACLs to authenticate with... I have turned off Anonymous access, I have
Integrated Authentication turned on. I have removed IUSR_XXXX from the
local ACLs. If I use my IE to access the file, the audit log shows a
failure for IUSR vice the actual user....

This is on an internal INTRANET.

How can I tweak the system so that the actual user's credentials are
used to verify file permissions?

Thanks
Carl







