|
| Hello-
Web Server Platform: IIS 6.0 on Windows Server 2003, dotNet 2.0
UNC Share: located on remote server in same domain, Windows File
server
Application is ASP.NET 2.0 and must retrieve certain HTML pages and
images from the UNC share. The virtual directory which points to a
UNC share is set to run under a domain account. This account has the
appropriate access to the various .net-related directories on the web
server, because I ran the aspnet_regiis -ga <account> command.
In the web.config file, I am using impersonation under the same domain
account listed above.
My goal is to restrict the viewing of this web application to a
restricted internal audience. Therefor I have the IIS security set to
Windows authentication only, and have restricted security on the
folder level to the web files.
I'm trying to restrict access to this folder with NTFS permissions,
but the ASP.NET domain account I'm using must obviously have read
access to the web application and UNC share. I removed the
"<LocalMachine>\Users" read access, but re-added "Network",
"Interactive" and "Network Service" read access.
How can I use ASP.NET impersonation to connect to a UNC share, but
still restrict access with Windows permissions? There must be a
better way than my approach. Your help is appreciated.
|
|