|
Home > Archive > IIS Server > November 2004 > webdav + virtual directories
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
webdav + virtual directories
|
|
| Andy M 2004-11-03, 5:52 pm |
| It seems that it cant be done.
I am trying to setup webdav on a win2k server. The problem is that the
directory is on a network drive, so when the user authenticates to iis
everything is fine, but then iis authenticates to the network drive with the
supplied credentials in the iis properties, and all effective ntfs permission
that the original user that logged in with are lost becuase it will use the
iis suplied credentials to authenticate.
Is there a way around this? I want iis to use the credentials supplied by
the user at the time of login to authenticate to the network drive.
Thanks for your help in advance,
Andy
| |
| David Wang [Msft] 2004-11-04, 7:48 am |
| You are asking about pass-thru authentication on a UNC vdir, and the only
way to set it up is to:
1. Make sure to NEVER specify the UNC Username/password. Simply unchecking
the check box is not good enough -- the UNC Username/password is already
tainted and you need to manually delete it to make pass-thru auth work
2. Use a delegatable authentication scheme so that IIS can actually use the
user's credentials when accessing a network resource. This means either use
Basic authentication, or use Integrated authentication with Kerboros and
Active Directory required.
See this URL for details.
http://www.microsoft.com/technet/pr...s/remstorg.mspx
You need to be aware that for security reasons, this is not simply possible:
"I want iis to use the credentials supplied by the user at the time of login
to authenticate to the network drive."
What you are trying to do requires delegation, a privileged operation, so
trust between machines must be established and control of where the user's
identity goes needs to be strict. Thus, you will either find the
authentication protocol dictates what should happen but you do not need to
worry about security, or you use Basic authentication which implicitly
delegates the username/password, which then requires you to safeguard
everything... including encryption of the credentials in memory to prevent
memory-dump attacks.
Good luck.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Andy M" <Andy M@discussions.microsoft.com> wrote in message
news:16B6C466-CD88-4DE6-B220-F752177CF47C@microsoft.com...
It seems that it cant be done.
I am trying to setup webdav on a win2k server. The problem is that the
directory is on a network drive, so when the user authenticates to iis
everything is fine, but then iis authenticates to the network drive with the
supplied credentials in the iis properties, and all effective ntfs
permission
that the original user that logged in with are lost becuase it will use the
iis suplied credentials to authenticate.
Is there a way around this? I want iis to use the credentials supplied by
the user at the time of login to authenticate to the network drive.
Thanks for your help in advance,
Andy
|
|
|
|
|