Re: access to network file server through web server denied

Is the user who is accessing the webserver on the XP box accessing the webserver locally (i.e. using a browser on the XP/Vista workstation)? If so, the authentication token is different, which is why it works

For setting up Kerberos and Delegation, I have a set of FAQ available here:
www.adopenstatic.com/faq (under the IIS and Kerberos heading)

Cheers
Ken

"xcomplus" <xcomplus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:F712C7B4-C105-4310-80A0-77988F29FCE9@xxxxxxxxxxxxxxxx
Thank you very much for the response. Before I check with the network team to
see whether the network has been configured with "Delegation", I have one
question. On our local developer's web server (It can be IIS 5 on Windows XP
or IIS 7 on Vista), we do not have this problem at all. Is that means that
for developer's web server to access network resources, there is no need for
the delegation to be configured?

Thanks.

"DaveMo" wrote:

On Feb 18, 5:44 am, xcomplus <xcomp...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
> Here is the setup:
> IIS 6 on Windows Server 2003
> On IIS: Anonymous access unchecked. Integrated windows authentication > checked.
> Inside Web.config:
> <authentication mode="Windows"/>
> <identity impersonate="true"/>
>
> In the code of the problem page, call WindowsIdentity.GetCurrent().Name
> returns the domain user logged on that can access the network file > server..
> However, as soon as it calls Directory.GetDirectories(network_path), > the
> login dialog to the web server will popup. The login dialog can not > recognize
> correct credential and continue to popup for three times. After that, > the
> error message says "Access to path 'network_path' is denied.

You are describing a transitive authentication scenario which requires
delegation to be configured. More information on how to do this here:
http://support.microsoft.com/kb/810572

I'm not exactly sure what's driving the login dialog behavior and why
it's rejecting the credentials. If you can provide more information on
the desired behavior - i.e. do you want to have the delegated
authentication experience for your users, or do you want them to be
able to retype their creds (or different creds?) - then other
information might be out there to assist you in solving the problem.

HTH,
Dave

.

Relevant Pages

  • Re: Please help, directory level protection needed.
    ... The last time I had to deal with IIS ... > you rely on the Web Server to implement a check to control access. ... >> I am trying to implement a secure software update directory. ... >> http request will require basic authentication. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Access denied. delegation scenario accessing to a shared resource in cluster
    ... Depending on how your web server is configured ... for delegation, ... application via Kerberos too. ... web server and the cluster server and find out what kind of authentication ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: .Net App/IIS/SQL Server - Authentication issue
    ... Is the IIS server enabled for delegation? ... authentication temporarily. ...
    (microsoft.public.dotnet.security)
  • Re: shared folder access
    ... Your first option is to use Basic Authentication in IIS over SSL. ... This will remove the UNC user token credentials (something that cannot be ... Doing so causes IIS to attempt delegation using ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: ASP.Net impersonation using Oracle..Help!!
    ... is ur web server and iis on the same box? ... If there are on different box then its a delegation issue ... my web application is running on iis on windows xp professional. ... > The strange this is that it WORKS if I explicitly set ...
    (microsoft.public.dotnet.framework.aspnet.security)