Current User Credential Security settings don"t seem to allow access when they should.

Current User Credential Security settings don"t seem to allow access when they should.

am 30.03.2006 18:23:00 von D Witherspoon

IIS 6 Win2K3.

I created a new virtual folder. That points to \\fileshare\myfolder.

the virtual folder is set to use integrated windows authentication and the
"connect as" is set to "Always use the authenticated user's credentials when
validating access to the network directory."

So.. I go ang test this. I have full access to \\fileshare\myfolder and
it's contents.
But when I browse to http:\\myweb\myfolder\anyfile.htm I get "You are not
authorized to view this page".

If I change the "Connect As" to use my currently logged in acount username
and password I can access http:\\myweb\myfolder\anyfile.htm just fine.

Am I missing something here. It seems straightforward to me that this
should work.

To let you know \\fileshare is a fileshare that is located on another server
but within the same domain.

All help is appreciated.

Re: Current User Credential Security settings don"t seem to allow access when they should.

am 02.04.2006 08:57:56 von Ken Schaefer

You need to ensure that Kerberos authentication is being used, and that
delegation is properly enabled. It doesn't "just work"

Is the IIS box trusted for delegation in Active Directory?
Is the user account not marked as "sensitive" and unabled to be delegated?
Do the correct SPNs exist for the remote CIFS server?
Is the client actually using Kerberos to authN to the IIS box?

Lots of unanswered questions there. :-)

Cheers
Ken


"D Witherspoon" wrote in message
news:OdY83YBVGHA.4900@TK2MSFTNGP12.phx.gbl...
: IIS 6 Win2K3.
:
: I created a new virtual folder. That points to \\fileshare\myfolder.
:
: the virtual folder is set to use integrated windows authentication and the
: "connect as" is set to "Always use the authenticated user's credentials
when
: validating access to the network directory."
:
: So.. I go ang test this. I have full access to \\fileshare\myfolder and
: it's contents.
: But when I browse to http:\\myweb\myfolder\anyfile.htm I get "You are not
: authorized to view this page".
:
: If I change the "Connect As" to use my currently logged in acount username
: and password I can access http:\\myweb\myfolder\anyfile.htm just fine.
:
: Am I missing something here. It seems straightforward to me that this
: should work.
:
: To let you know \\fileshare is a fileshare that is located on another
server
: but within the same domain.
:
: All help is appreciated.
:
: