Re: Accessing network file form ASP page

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 03/07/05 

Date: Mon, 7 Mar 2005 09:57:20 -0800

This is most likely a browser-side issue. For example, IE authenticates
differently depending on whether the server name has dots in it or not (it
treats it as different zones).

IIS does not alter behavior based on server name (unless you configured host
header and DNS incorrectly or have server-side application that alters
behavior based on SERVER_NAME server variable). It is just another
identifier as far as IIS is concerned. 

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:%23PlrJ$vIFHA.2420@TK2MSFTNGP14.phx.gbl...
your suggestion is correct but now I've got this strange problem.
When I use my asp page (try.asp) to access the text file by this url
http://IIS_WebServerName/try.asp, it is all right, but when I use this url
http://IIS_WebServerName.DomainName.Ext/try.asp , I obtain the usual error:
my asp page can't access the text file.
Can you still help me?
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:%236ashMvIFHA.1528@TK2MSFTNGP09.phx.gbl...
> > The authentication inside asp file is made only with domain user. By
> > this domain users I can manually access to tha text file, but my web
> > server can not.
>
> This is the classic "double hop" scenario.  Integrated
Authentication(NTLM)
> does not support "double hop" because the web server is not authorized to
do
> so.
>
> Authentication choices that allow double hop include:
> 1. Basic
> 2. Integrated Authentication(Kerberos)
> 3. Custom Authentication that mimics #1 or #2 in principle
> 4. Protocol Transition from (Whatever)->Kerberos
>
> The following URL should have the necessary pointers to set this up. It
> talks about things in terms of a UNC vdir, but it is really not much
> different than an ASP page accessing a UNC share.
>
>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx
>
> I believe IIS5 supports choices #1, #2, and #3.
>

Relevant Pages

  • Re: IIS/Windows Permissions/Rights
    ... double hop because that is a security vulnerability. ... Suppose your ASP page, when authenticated, connects to the user's bank using ... allowing the server to use their identity on their behalf to do something. ... Kerberos between IIS6 and the backend servers -- the authentication protocol ...
    (microsoft.public.inetserver.iis.security)
  • Re: NT security accounts database vs. "other"
    ... > drawbacks as I see it to NT authentication are that it may require you to ... > domain than just web server access. ... > Another option is to use local Windows accounts on the web server. ... > on an ASP page for authentication. ...
    (microsoft.public.inetserver.iis.security)
  • Re: CreateDirectory working inconsistantly from ASP.net
    ... You are facing the dreaded double hop NTLM issue. ... When the browser authenticates to the web server from a remote ... >I have also checked that the Integrated Authentication is getting passed ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: CreateDirectory working inconsistantly from ASP.net
    ... You are facing the dreaded double hop NTLM issue. ... When the browser authenticates to the web server from a remote ... >I have also checked that the Integrated Authentication is getting passed ...
    (microsoft.public.dotnet.general)
  • Re: CreateDirectory working inconsistantly from ASP.net
    ... You are facing the dreaded double hop NTLM issue. ... When the browser authenticates to the web server from a remote ... >I have also checked that the Integrated Authentication is getting passed ...
    (microsoft.public.dotnet.framework.aspnet.security)