Re: Bug in asp.net?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

This is more of a question of delegation at the OS level with respect to
NTLM and Active Directory. The short answer to this question is to use
Active Directory. Here is the longer version.

NTLM can not perform what is called delegation. To respond to an
authentication challenge correctly in NTLM, the subject requesting access
must have the credentials in hand. Here is the first scenario that you
outlined.

User -> IIS Server -> Network Share

In this scenario, IIS talks directly to the network share and has the
credentials in hand (from the web.config file). Now the second case.

User -> IIS Server -> Network Share

In this case, the credentials originate with the user. It will successfully
respond to the IIS challeng and authenticae. However when IIS is challenged
to authenticae with the network share it cannot since it does not have the
User credentials. This is a limitation of NTLM.

Active Directory can support this scenario however.

--
Jared Parsons [MSFT]
jaredpar@xxxxxxxxxxxxxxxxxxxx
http://blogs.msdn.com/jaredpar
"This posting is provided "AS IS" with no warranties, and confers no rights"
"Vaibhav Bhuva via .NET 247" <anonymous@xxxxxxxxxxxxx> wrote in message
news:uZ90mjUWFHA.1508@xxxxxxxxxxxxxxxxxxxxxxx
>I am trying to access the subdirectories in a network folder
>\\server\folder. Obviously the network folder has restricted access. if I
>turn on the impersonation and specify the username and password, i.e.
> <identity impersonate="true" username="username" password="password"/>
> then i can access the files and folders using the DirectoryInfo.
> but if i use
> <identity impersonate="true" />
> the DirectoryInfo.Exists() returns false for the same folder.
>
> The IIS is setup to allow only integrated windows authentication. I also
> checked the user name for the second case and it comes out correctly.
>
> any ideas how can it be solved.
>
>
> --------------------------------
> From: Vaibhav Bhuva
>
> -----------------------
> Posted by a user from .NET 247 (http://www.dotnet247.com/)
>
> <Id>oSQ5A8T7l0+vXU25XQ1B+w==</Id>


.

Relevant Pages

  • Windows 2003 Password Encryption
    ... storing user passwords in Active Directory. ... XP clients so will be using Kerberos and NTLM v2 for authentication. ... Windows 2003 Active Directory? ...
    (microsoft.public.win2000.security)
  • Re: NTLM and can it be termed as a directory
    ... So NTLM is used to authenticate users but where is that information ... server and that is where the user, ... >> NTLM can be referred to as a directory service like Active Directory? ...
    (microsoft.public.security)
  • Re: lan hash
    ... While Kerberos is the default authentication mechanism in Windows Server ... 2003 Active Directory environment - it's certainly not the only one. ... NTLM is one of the options, functioning essentially as a fallback, in ... for only the local accounts and not domain accounts right? ...
    (microsoft.public.windows.server.active_directory)
  • Re: NTLM and can it be termed as a directory
    ... Where the store lies is inconsequential, ... NTLM is not a directory service. ... So NTLM is used to authenticate users but where is that ... >>> NTLM can be referred to as a directory service like Active Directory? ...
    (microsoft.public.security)
  • Re: Server 2003 vs XP Pro
    ... IIS 6.0 is built in to Windows ... Server 2003, IIS 5.1 is built in to XP Pro, the core system files are ... How does that solve your wanting to learn Active Directory? ...
    (microsoft.public.windows.server.general)