|
|
|
Question : IIS -- Windows Integrated Authentication
|
|
Hi,
I have an intranet IIS 6.0 web server that has the default website configured for anonymous access. For a particular page used for file upload, I want to be able to get the login name of domain users to associate with their uploaded files.
I set up the file upload page for Windows Integrated Authentication and removed the Anonymous authentication for that page. The rest of the site is still set up for Anonymous access. I can correctly extract the username from an ASP script.
The problem that I am having is that the IIS 6.0 pass-through authentication is trying to kick in, and I am getting errors when trying to access remote files (probably because I haven't set up the webserver for delegation in AD). But I want the ASP scripts and remote file access to run under a certain domain account and DISABLE pass-through authentication.
I have set up the whole default webpage with a UNCUsername and UNCPassword as instructed by Microsoft:
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8a0e917a-795c-49b7-8896-f46291b289d6.mspx?mfr=true
Since the UNCUsername and UNCPassword are set for the default web site, which is configured for anonymous access, I would think the setting would trickle down to the upload page and that account would be used for all remote file access. Apparently not?
I would appreciate any advice on disabling pass-through authentication and setting the ASP user account ffor an individual page.
|
Answer : IIS -- Windows Integrated Authentication
|
|
The format of the UNC information is correct - that's not the problem.
If you were to try browsing directly to this location the access would take place as the specified UNC user. Since you are accessing the UNC path with the filesystem object it completely bypasses the IIS configuration for the UNC.
There may be a way around this. Is there any way you could put the script on the same UNC path? If so then wnen users hit the script they would be accesing it across the UNC and would use the UNC credentials rather than their own. Then the script would have proper credentials to access the UNC share using the FSO.
Dave Dietz
|
|
|
|
|
|
|
