authentication problems with IIS6 virtual directory from shared folder

Hi Experts!,

I configured a virtual directory in IIS6 with a shared folder, but when i access to this files, i dont´ have the same permissions that the NTFS security in the shared folder.
When i open through IE the virtual directory with my domain user i can see everyting (files and folders) and i should not have access. The only authentication method used is Integrated Windows Authentication.

What is the best practices to configure the autentication in virtual directory whit shared folder?
thanks!
at_userAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cj_1969Commented:
The easiest thing to do is to change the anonymous ID on the security tab to an ID that has permissions to access the directory.
There
The problem you are running into is a security issue with MS servers and passing credentials from the browser to the IIS server to the file server, "3 stage" authentication.  
There are three ways that you can make this work ...
1. You can do as I suggested and over ride the anonymous ID so that it is the credentials from IIS that are used to authenticate to the file server,
2. Enable basic authentication on the directory/site.  This will pass the ID and PW in clear text from the browser to the IIS server which will allow the credntials to then the passed to the file server.  This should only be done if using SSL to encrypt the communications stream to protect the credntials.
3. Enable Kerberos authentication between the IIS and file servers.  Kerberos authentication is only thing that will allow the credentials to be passed in encrypted form from the client to the intermediate server and then from the intermediate server to the third server.  It does this by passing the Kerberos authentication token and not the credentials themselves.  BUT ... to do this means AD changes to allow the IIS server to have delegation rights to AD so that it can validate the token before passing it on.  Enabling the file sharing service on the file server as a an available service so that the Kerberos credentials can be used to authenticate and gain access to this resource.

So ... my recommendation ... use a known account to over-ride the anonymous credentials for this VD.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.