Re: IIS 6 Cannot Access Remote Files with the FileSystemObject

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 08/06/04 

Date: Fri, 6 Aug 2004 10:56:01 -0700

No, it is not possible to enable delegation without Active Directory.

It actually does not make sense to allow that because the whole point of
delegation is to create trust between two machines -- and without a mutually
trusted third party (like Active Directory) to maintain this trust, the
notion is quite meaningless from a security perspective (which is what we
are ultimately talking about -- one machine shouldn't arbitrarily trust any
other machine).

You can certainly custom-create trust between any machine, but at that
point, you are responsible for writing any code necessary to maintain it
(i.e. you'd need write your own stripped-down version of Active Directory,
Authentication protocol, etc).

In your scenario, you can try using Basic authentication to see that
everything is "working" and it is only a matter of proper security that your
configuration is failing. 

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Stuart Cochrane" <stuart.cochrane@kellogg.com> wrote in message
news:uW%23zDIveEHA.3536@TK2MSFTNGP12.phx.gbl...
Hi david,
Thanks for the reply. I have read the article and wanted to know if it
is possible to enable delegation if the remote server is not in Active
Directory. According to the article, in order to configure delegation I
must check the 'Enable this compter for delegation' option via Active
Directory User and Computers ? Is this possible if the remote server is
not in AD.
Thanks for any help
Stuart
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!