But NTFS permissions are notoriously difficult to wade through. Your application can access the file and enumerate the share permissions to see if the user has access, then allow the download if so. That works in IE, but not in Chrome because Chrome specifically disables file:// links (unless you enable it via plugin). Another, more complicated option is to pipe the file through your application. One option is a direct link to the share (if the user's computer has network access to the server): I agree this is a difficult problem to solve if you really want the share permissions of the share to dictate who can download the file through the site. If setting up delegation is not an option, then you will have to find another way to serve those files to the user. To enable that, you might be able to set up Kerberos delegation in Active Directory, which can get complicated. I believe you're running into the double hop problem: You can use the user's credentials to authenticate on your server, but you cannot (by default) send those credentials to another server. Those are completely separate operations. The user is authenticating to your website. There are two separate authentications going on: Note, I already looked at Pass-through authentication not working. In the Virtual Directory setup, if I change it from pass-through to "specific user", it works but that bypasses the security of the active directory groups. Am I configuring something incorrectly here? When I try to navigate to the site with a link like this: I get repeatedly prompted for credentials even though the credentials I enter should be valid. Physical Path Credentials: Application user (pass-through authentication) Only users who have access to the network folder through active directory groups should be able to download the files through the website. (Intranet) I'm trying to set up a website which will serve up files from a network share (\\servername\folder\file).
The Application pool configuration looks like this: When I press Test Settings, I get the following: Anonymous Authentication is Enabled, and Anonymous user identity is Application pool identity. When I press Test Settings, I get the above error. Read/write/browse access is also granted to: dialog, select Application User (pass through authentication). The server is on a domain, and domain\server$ has read/write/browse access to The physical directory was created, but I cannot get it to work. I am trying to set up IIS web services and ASP.NET services on Windows Server 2008 R2.