Re: GetFileSecurity return ERROR_ACCESS_DENIED

From: Azar (Azar_at_somewhere.or.another.net)
Date: 10/09/05

• Next message: Dejan: "Re: csp/pkcs11 container name management"
• Previous message: joy: "customized gina load prob"
• In reply to: Nahanni: "GetFileSecurity return ERROR_ACCESS_DENIED"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 9 Oct 2005 17:58:33 -0400

> The
> security for this CGI is "Windows Integrated Authentification"
> (Challenge/Response), so it is executed under the account of the user
> that launched Internet Explorer (a domain user).
>
> In that CGI, I need to execute functions such as "CreateFile" or
> "GetFileSecurity" on files through the network (drive mapped or UNC).
> These functions return ERROR_ACCESS_DENIED error code.

By "Challenge/Response" I presume you mean you are using NTLM
authentication. While NTLM allows the web server to verify the authenticity
of the client, it does not allow the web server to authenticate as the
client to another remote service (in this case, another file server).

You either have to get Kerberos authentication working or use "Basic
authentication". When using basic authentication, the user's username and
password will be queried by the web server and used to establish a local
logon session from which the web server can authenticate the user to other
services.

---

• Next message: Dejan: "Re: csp/pkcs11 container name management"
• Previous message: joy: "customized gina load prob"
• In reply to: Nahanni: "GetFileSecurity return ERROR_ACCESS_DENIED"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: prompted for username, password on iis5 running xp pro ... >Server will negociated an authentication method. ... >an valid username/password, the username/password box ... >the web server will send the content to the client. ... >the Web Server in Windows 2000 Server and Windows XP Pro ... (microsoft.public.inetserver.iis.security) Re: Securing Windows Media Encoder streams/broadcasts ... >>The security comment was in response to the previous posters comment about ... >>protecting a URL and feeding the video on a web site, ... > authentication system yourself - as the previous poster stated, ... your web server on the encoder client machine modifies the ... (microsoft.public.windowsmedia.encoder) RE: DMZ and AD Authentication ... authentication, and then permitting them users to access the AD for ... thru is the web server was compromised. ... I would recommend using the Cisco Security Agent on the web ... >Subject: DMZ and AD Authentication ... (Security-Basics) RE: website inside or outside the domain? ... it is better not to have domain authentication traffic ... publicly accessible web server in a DMZ, with a DC also in the DMZ ... > webserver is ... network) its not the best model to use. ... (Focus-Microsoft) Re: Integrated Windows Authentication not working ... >>> only web site and no one is behind a proxy server. ... proxy server between the various user's ISPs and your web server? ... And you're sure that the authentication settings for the virtual ... directory that maps to the physical directory where the .asp files are ... (microsoft.public.inetserver.iis.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2005-10