| Groups | Blog | Home |
iis security : Remote Virtual Directory problems
I am having trouble accessing a file on a remote virtual directory when I use Integrated Windows Authentication (download ASP page on main server tries to download file on remote server). I was able to successfully test this when using Anonymous access (set up IUSR_ account and permissions on both servers). I have tried granting my domain logon user ID permissions to the remote site, but no luck. Any ideas? Thanks.
Hi John,
Thanks for posting in the community! From my understanding to this issue, when you enable the integrated windows authentication method, the remote directory in your IIS is not accessed. If you set the remote directory directly in the new virtual directory wizard, you will need to set the pass-through authentication for remote directory as Ken has suggested. The kb article 214806 will introduce the steps for you. 214806 How to Enable Pass-through Authentication for UNC Virtual Directories http://support.microsoft.com/?id=214806 I'd also suggest if your server and the remote directory are located in the same domain, you can set one domain account for the remote virtual direcotry which has enough permission to access the remote and local resource. This way, you can use Integrated Windows authentication method. Please feel free to let me know if you have any further questions. I am standing by to be of assistance! Does this answer your question? Thank you for using Microsoft NewsGroup! Wei-Dong Xu Microsoft Product Support Services Get Secure! - www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights.
IWA won't work by default because the security token that the webserver has
doesn't have permissions to logon to remote network resources. You can either use Basic authentication (I recommend using SSL then), or if you are in a Windows 2000 or 2003 domain, you can enable delegation (if you are using Kerberos for IWA) Cheers Ken [quoted text, click to view] "John Bunting" <bunting@nerdvana.fu.com> wrote in message :news:715301c3e6b1$8f3682a0$a601280a@phx.gbl... : I am having trouble accessing a file on a remote virtual : directory when I use Integrated Windows Authentication : (download ASP page on main server tries to download file : on remote server). I was able to successfully test this : when using Anonymous access (set up IUSR_ account and : permissions on both servers). I have tried granting my : domain logon user ID permissions to the remote site, but : no luck. Any ideas? Thanks. : : I am running IIS 5.0 under Windows 2000.
Here is another URL that explains everything about UNC Virtual Directories.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/deploy/confeat/RemStorg.asp It talks about the issue from the point of IIS6, which more fully supports this scenario. But, many points are applicable to IIS5 as well. Using IWA on the front-end for UNC VDir is not possible with IIS5 on Windows 2000. On IIS6 and Windows Server 2003, it is possible to use any authentication protocol to access the webserver on the front-end as long as the web server is in a domain and uses Kerberos with delegation on the back-end. -- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // [quoted text, click to view] "John Bunting" <bunting@nerdvana.fu.com> wrote in message news:715301c3e6b1$8f3682a0$a601280a@phx.gbl... I am having trouble accessing a file on a remote virtual directory when I use Integrated Windows Authentication (download ASP page on main server tries to download file on remote server). I was able to successfully test this when using Anonymous access (set up IUSR_ account and permissions on both servers). I have tried granting my domain logon user ID permissions to the remote site, but no luck. Any ideas? Thanks. I am running IIS 5.0 under Windows 2000.
I can now access the files when I just point to them (<a href>), but I can't when I use third party products like Infomentum's ActiveFile or Huge-ASP's upload components. Is there something else that I need to do to get these objects to be able to access the remote files? [quoted text, click to view] >-----Original Message-----
>Hi John, > >Thanks for posting in the community! > >From my understanding to this issue, when you enable the integrated windows >authentication method, the remote directory in your IIS is not accessed. > >If you set the remote directory directly in the new virtual directory >wizard, you will need to set the pass-through authentication for remote >directory as Ken has suggested. The kb article 214806 will introduce the >steps for you. >214806 How to Enable Pass-through Authentication for UNC Virtual Directories >http://support.microsoft.com/?id=214806 > >I'd also suggest if your server and the remote directory are located in the >same domain, you can set one domain account for the remote virtual >direcotry which has enough permission to access the remote and local >resource. This way, you can use Integrated Windows authentication method. > >Please feel free to let me know if you have any further questions. I am >standing by to be of assistance! > >Does this answer your question? Thank you for using Microsoft NewsGroup! > >Wei-Dong Xu >Microsoft Product Support Services >Get Secure! - www.microsoft.com/security >This posting is provided "AS IS" with no warranties, and confers no rights. > >.
I was able to access remote files when I point to them with an HTML <a href> tag. I still can't access the files if I use a third-party product like Infomentum's ActiveFile or Huge-ASP for uploading/downloading files. Are there some other settings that I have to configure to allow third-party components to access remote files? Thanks. [quoted text, click to view] >-----Original Message-----
>Hi John, > >Thanks for posting in the community! > >From my understanding to this issue, when you enable the integrated windows >authentication method, the remote directory in your IIS is not accessed. > >If you set the remote directory directly in the new virtual directory >wizard, you will need to set the pass-through authentication for remote >directory as Ken has suggested. The kb article 214806 will introduce the >steps for you. >214806 How to Enable Pass-through Authentication for UNC Virtual Directories >http://support.microsoft.com/?id=214806 > >I'd also suggest if your server and the remote directory are located in the >same domain, you can set one domain account for the remote virtual >direcotry which has enough permission to access the remote and local >resource. This way, you can use Integrated Windows authentication method. > >Please feel free to let me know if you have any further questions. I am >standing by to be of assistance! > >Does this answer your question? Thank you for using Microsoft NewsGroup! > >Wei-Dong Xu >Microsoft Product Support Services >Get Secure! - www.microsoft.com/security >This posting is provided "AS IS" with no warranties, and confers no rights. > >.
I'm not aware of any IIS setting to allow third-party components access to
remote files. If you can use an HREF to a URL which is configured to be a remote UNC Virtual Directory, that says that all the IIS configuration is correct. Any other settings are specific to how those third-party components work, which is outside the scope of an IIS newsgroup. -- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // [quoted text, click to view] "John Bunting" <bunting@nerdvana.fu.com> wrote in message news:8cb201c3e9bf$35060c40$a501280a@phx.gbl... I was able to access remote files when I point to them with an HTML <a href> tag. I still can't access the files if I use a third-party product like Infomentum's ActiveFile or Huge-ASP for uploading/downloading files. Are there some other settings that I have to configure to allow third-party components to access remote files? Thanks. [quoted text, click to view] >-----Original Message----- >Hi John, > >Thanks for posting in the community! > >From my understanding to this issue, when you enable the integrated windows >authentication method, the remote directory in your IIS is not accessed. > >If you set the remote directory directly in the new virtual directory >wizard, you will need to set the pass-through authentication for remote >directory as Ken has suggested. The kb article 214806 will introduce the >steps for you. >214806 How to Enable Pass-through Authentication for UNC Virtual Directories >http://support.microsoft.com/?id=214806 > >I'd also suggest if your server and the remote directory are located in the >same domain, you can set one domain account for the remote virtual >direcotry which has enough permission to access the remote and local >resource. This way, you can use Integrated Windows authentication method. > >Please feel free to let me know if you have any further questions. I am >standing by to be of assistance! > >Does this answer your question? Thank you for using Microsoft NewsGroup! > >Wei-Dong Xu >Microsoft Product Support Services >Get Secure! - www.microsoft.com/security >This posting is provided "AS IS" with no warranties, and confers no rights. > >. >
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |