Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

authentication problems with IIS6 virtual directory from shared folder

Posted on 2009-07-01
2
Medium Priority
?
766 Views
Last Modified: 2013-12-08
Hi Experts!,

I configured a virtual directory in IIS6 with a shared folder, but when i access to this files, i dont´ have the same permissions that the NTFS security in the shared folder.
When i open through IE the virtual directory with my domain user i can see everyting (files and folders) and i should not have access. The only authentication method used is Integrated Windows Authentication.

What is the best practices to configure the autentication in virtual directory whit shared folder?
thanks!
0
Comment
Question by:at_user
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 22

Accepted Solution

by:
cj_1969 earned 2000 total points
ID: 24763217
The easiest thing to do is to change the anonymous ID on the security tab to an ID that has permissions to access the directory.
There
The problem you are running into is a security issue with MS servers and passing credentials from the browser to the IIS server to the file server, "3 stage" authentication.  
There are three ways that you can make this work ...
1. You can do as I suggested and over ride the anonymous ID so that it is the credentials from IIS that are used to authenticate to the file server,
2. Enable basic authentication on the directory/site.  This will pass the ID and PW in clear text from the browser to the IIS server which will allow the credntials to then the passed to the file server.  This should only be done if using SSL to encrypt the communications stream to protect the credntials.
3. Enable Kerberos authentication between the IIS and file servers.  Kerberos authentication is only thing that will allow the credentials to be passed in encrypted form from the client to the intermediate server and then from the intermediate server to the third server.  It does this by passing the Kerberos authentication token and not the credentials themselves.  BUT ... to do this means AD changes to allow the IIS server to have delegation rights to AD so that it can validate the token before passing it on.  Enabling the file sharing service on the file server as a an available service so that the Kerberos credentials can be used to authenticate and gain access to this resource.

So ... my recommendation ... use a known account to over-ride the anonymous credentials for this VD.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question