Re: UNC Virtual Directories; NTFS permission authentication not accept
- From: "David Wang" <w3.4you@xxxxxxxxx>
- Date: 5 Apr 2007 16:30:17 -0700
While I am happy that you have found a solution to your situation, I
have to say that Delegation is NOT the problem. And using Basic over
SSL is NOT necessarily the correct solution.
Basic over SSL is basically the "I give up because I don't understand
delegation" solution because it is insecure, though in your situation
you are using a non-important ConnectAs user whose delegation
properties you do not need to secure.
In other words, Basic/SSL is a passable workaround for your needs, but
it is definitely not the correct solution for the general issue of
delegation which surfaces as soon as you want users to use your web
server to access resources on another server.
What OS is providing the CIFS file services?
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Apr 5, 1:56 pm, Jason Carter
<JasonCar...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Just an update here, I found a solution, though it is not what I expected.
Everything I read said that I needed to add the Delegation rights from the
web server to the file server (HOST and cifs). This turned out to be the
problem. Once I removed those delegation rights AND removed the Integrated
Windows Authentication option (leaving only Basic Authentication checked) the
system worked like it I had hoped, authenticating based on the NTFS
permissions of the folder the UNC path was pointing to.
This works fine for me since the SSL is required on all connections.
Thanks to anyone who took a look at this and tried to help!!
"Jason Carter" wrote:
This one is driving me crazy. Here is the environment:
I have one web server, Windows 2003 R2; IIS 6.0, and a files server running
Windows 2003 R2. Both servers are part of a Windows 2003 native Active
Directory domain.
Virtual directories have been created on the web server pointing to a UNC
share: \\hrfile1\https clients\xxxx. Permissions on the https clients share
and the xxxx directory are locked down using NTFS permissions and the virtual
directory is setup with a "connect as" username or password instead asking
for credentails. SSL is required, anonymous access is unchecked, integrated
Windows authentication is checked. In addition, hrweb1 is setup for
delegation to hrfile1 for the HOST can cifs services.
The problem I have is that every time I access the site I am prompted for my
username and password, but even though I enter an username/password that is
authorized, the login screen keeps popping back up. I have created test
directories where share and NTFS permissions are set to EVERYONE - Full
control and still get prompted over and over for credentials.
If I use the "connect as" option, I am prompted for creditails and allowed
in, but once in I can browse to any folder, even ones that I am not allowed
access to, so that is not an option.
If anyone can help me out, I would really appreciate it.
It may not matter, but the web server is part of a network load balanced
system, though I am not testing with the nlb address, just the local address
on one system.- Hide quoted text -
- Show quoted text -
.
- Follow-Ups:
- Re: UNC Virtual Directories; NTFS permission authentication not ac
- From: Jason Carter
- Re: UNC Virtual Directories; NTFS permission authentication not ac
- Prev by Date: Security certificate expiring 4-29-07?
- Next by Date: Re: UNC Virtual Directories; NTFS permission authentication not ac
- Previous by thread: Security certificate expiring 4-29-07?
- Next by thread: Re: UNC Virtual Directories; NTFS permission authentication not ac
- Index(es):
Relevant Pages
|
