469,898 Members | 1,536 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,898 developers. It's quick & easy.

Accessing network file form ASP page

Hi all,
I've to access to a network file from an asp pages.

I've red a lot of things on old posts and on Microsoft article but I can't
still solve my problem.

I've got two server inside the same NT domain, each one has its own web
server.

The web server is always IIS 5.0.

One of this web server have to access to a network file in writing mode
inside the other server.

I've tried using this code
-------------------
Set fso = Server.CreateObject("Scripting.fileSystemObject")
uri=\\web21bcklab\c$\Inetpub\wwwroot\WebModules\Lo gger\debugLog.txt
Response.Write fso.FileExists(uri)
---------------------

the existence check returns always false. why ?

How can I solve this problem ?

thx
Jul 22 '05 #1
23 2636
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:Os**************@TK2MSFTNGP12.phx.gbl...
Hi all,
I've to access to a network file from an asp pages.

I've red a lot of things on old posts and on Microsoft article but I can't
still solve my problem.

I've got two server inside the same NT domain, each one has its own web
server.

The web server is always IIS 5.0.

One of this web server have to access to a network file in writing mode
inside the other server.

I've tried using this code
-------------------
Set fso = Server.CreateObject("Scripting.fileSystemObject")
uri=\\web21bcklab\c$\Inetpub\wwwroot\WebModules\Lo gger\debugLog.txt
Response.Write fso.FileExists(uri)
---------------------

the existence check returns always false. why ?

How can I solve this problem ?


http://www.aspfaq.com/show.asp?id=2168

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserv...y/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
Jul 22 '05 #2
He is not trying to access an Access file but rather a text file. I think
the problem is using an administrative share. c$, rather than a public
share.

Set up a public share on the directory containing the file, e.g., pubdir,
and access it as \\pubdir\filename.

Tom Skinner [ C# MVP]

"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:O8**************@TK2MSFTNGP12.phx.gbl...
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:Os**************@TK2MSFTNGP12.phx.gbl...
Hi all,
I've to access to a network file from an asp pages.

I've red a lot of things on old posts and on Microsoft article but I
can't
still solve my problem.

I've got two server inside the same NT domain, each one has its own web
server.

The web server is always IIS 5.0.

One of this web server have to access to a network file in writing mode
inside the other server.

I've tried using this code
-------------------
Set fso = Server.CreateObject("Scripting.fileSystemObject")
uri=\\web21bcklab\c$\Inetpub\wwwroot\WebModules\Lo gger\debugLog.txt
Response.Write fso.FileExists(uri)
---------------------

the existence check returns always false. why ?

How can I solve this problem ?


http://www.aspfaq.com/show.asp?id=2168

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserv...y/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS

Jul 22 '05 #3
It's the same with a public share.

I've already tried it

"Thomas P. Skinner [MVP]" <to*@bu.edu> wrote in message
news:en**************@TK2MSFTNGP15.phx.gbl...
He is not trying to access an Access file but rather a text file. I think
the problem is using an administrative share. c$, rather than a public
share.

Set up a public share on the directory containing the file, e.g., pubdir,
and access it as \\pubdir\filename.

Tom Skinner [ C# MVP]

"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:O8**************@TK2MSFTNGP12.phx.gbl...
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:Os**************@TK2MSFTNGP12.phx.gbl...
Hi all,
I've to access to a network file from an asp pages.

I've red a lot of things on old posts and on Microsoft article but I
can't
still solve my problem.

I've got two server inside the same NT domain, each one has its own web
server.

The web server is always IIS 5.0.

One of this web server have to access to a network file in writing mode
inside the other server.

I've tried using this code
-------------------
Set fso = Server.CreateObject("Scripting.fileSystemObject")
uri=\\web21bcklab\c$\Inetpub\wwwroot\WebModules\Lo gger\debugLog.txt
Response.Write fso.FileExists(uri)
---------------------

the existence check returns always false. why ?

How can I solve this problem ?


http://www.aspfaq.com/show.asp?id=2168

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserv...y/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS


Jul 22 '05 #4
Yes - but the procedure provided by Aaron is the same.

Good point about the share - C$ is only available to admins.

"Thomas P. Skinner [MVP]" <to*@bu.edu> wrote in message
news:en**************@TK2MSFTNGP15.phx.gbl...
He is not trying to access an Access file but rather a text file. I think
the problem is using an administrative share. c$, rather than a public
share.

Set up a public share on the directory containing the file, e.g., pubdir,
and access it as \\pubdir\filename.

Tom Skinner [ C# MVP]

"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:O8**************@TK2MSFTNGP12.phx.gbl...
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:Os**************@TK2MSFTNGP12.phx.gbl...
Hi all,
I've to access to a network file from an asp pages.

I've red a lot of things on old posts and on Microsoft article but I
can't
still solve my problem.

I've got two server inside the same NT domain, each one has its own web
server.

The web server is always IIS 5.0.

One of this web server have to access to a network file in writing mode
inside the other server.

I've tried using this code
-------------------
Set fso = Server.CreateObject("Scripting.fileSystemObject")
uri=\\web21bcklab\c$\Inetpub\wwwroot\WebModules\Lo gger\debugLog.txt
Response.Write fso.FileExists(uri)
---------------------

the existence check returns always false. why ?

How can I solve this problem ?


http://www.aspfaq.com/show.asp?id=2168

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserv...y/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS


Jul 22 '05 #5
> He is not trying to access an Access file but rather a text file.

The problem is still the same. IUSR cannot touch a text for the same
reasons it can't touch an MDB file... the other machine doesn't know who he
is!
I think the problem is using an administrative share. c$, rather than a public share.


Yes, this definitely part of the problem. The only way you could have C$ be
used is if you add WebServer\IUSR_WebServer to the local admin group on the
server web21bcklab ... not exactly a recommended approach, but I guess it
depends on the environment. I'd prefer to have public shares explicitly
granted access than suddenly give IUSR carte blanche over the whole server.

A
Jul 22 '05 #6
Your solution is formally correct but it's doesn't solve completly my
problem.

I've an asp file inside a virtual directory with necessary only Windows
Integrated Authentication enabled. That file have to access to text file
inside another host member of the same NT domain.

The authentication inside asp file is made only with domain user. By this
domain users I can manually access to tha text file, but my web server can
not.

Does my web server always access to text file on network share only by using
IUSR_webserver user ?

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:Og**************@TK2MSFTNGP14.phx.gbl...
He is not trying to access an Access file but rather a text file.
The problem is still the same. IUSR cannot touch a text for the same
reasons it can't touch an MDB file... the other machine doesn't know who

he is!
I think the problem is using an administrative share. c$, rather than a public
share.


Yes, this definitely part of the problem. The only way you could have C$

be used is if you add WebServer\IUSR_WebServer to the local admin group on the server web21bcklab ... not exactly a recommended approach, but I guess it
depends on the environment. I'd prefer to have public shares explicitly
granted access than suddenly give IUSR carte blanche over the whole server.
A

Jul 22 '05 #7
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:Os**************@TK2MSFTNGP12.phx.gbl...
: Hi all,
: I've to access to a network file from an asp pages.
:
: I've red a lot of things on old posts and on Microsoft article but I can't
: still solve my problem.
:
: I've got two server inside the same NT domain, each one has its own web
: server.
:
: The web server is always IIS 5.0.
:
: One of this web server have to access to a network file in writing mode
: inside the other server.
:
: I've tried using this code
: -------------------
: Set fso = Server.CreateObject("Scripting.fileSystemObject")
: uri=\\web21bcklab\c$\Inetpub\wwwroot\WebModules\Lo gger\debugLog.txt
: Response.Write fso.FileExists(uri)
: ---------------------
:
: the existence check returns always false. why ?
:
: How can I solve this problem ?

How often does it need to be accessed and how updated does the data need to
be?

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
Jul 22 '05 #8
It's not the web server, but rather the ISAPI extension. In this case
ASP.dll. ASP.NET doesn't run under IUSR_server, but rather under the account
ASPNET on XP Pro and under NETWORK on WS3 if I recall correctly. With
ASP.NET there are ways of impersonating a user and therefore any actions by
that user would have that users security token. Unfortunately I don't think
there is any way to do this under ASP other than writing your own ISAPI
extension. You are probably stuck with IUSR_server credentials. I might be
wrong though. Personally I would switch to ASP.NET.

You can always put this file in its own directory and make it a public
writable share and then your server could access it regardless of
authentication credentials. Of course this offers no protection.

Tom Skinner [C# MVP]
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:u2**************@TK2MSFTNGP15.phx.gbl...
Your solution is formally correct but it's doesn't solve completly my
problem.

I've an asp file inside a virtual directory with necessary only Windows
Integrated Authentication enabled. That file have to access to text file
inside another host member of the same NT domain.

The authentication inside asp file is made only with domain user. By this
domain users I can manually access to tha text file, but my web server can
not.

Does my web server always access to text file on network share only by
using
IUSR_webserver user ?

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:Og**************@TK2MSFTNGP14.phx.gbl...
> He is not trying to access an Access file but rather a text file.


The problem is still the same. IUSR cannot touch a text for the same
reasons it can't touch an MDB file... the other machine doesn't know who

he
is!
> I think the problem is using an administrative share. c$, rather than a

public
> share.


Yes, this definitely part of the problem. The only way you could have C$

be
used is if you add WebServer\IUSR_WebServer to the local admin group on

the
server web21bcklab ... not exactly a recommended approach, but I guess it
depends on the environment. I'd prefer to have public shares explicitly
granted access than suddenly give IUSR carte blanche over the whole

server.

A


Jul 22 '05 #9
I can't understand why you want to know this kind of information.

That file could be access a lot of time in some days and just a few in other
ones

How often does it need to be accessed and how updated does the data need to be?

Jul 22 '05 #10
> I can't understand why you want to know this kind of information.

Why can't you just answer the question, instead of being defensive about it?
Maybe the response after that would show you why he was asking...

He was probably wondering if the file could be copied locally on a schedule,
so that ASP had access to it locally. Then you don't have to change
permissions and deal with an app having access to important shares.

You should look into DFS, perhaps.
Jul 22 '05 #11
I can't move to local that text file.

I have to access remotely to that file by using an asp file publish on a web
server.

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...
I can't understand why you want to know this kind of information.
Why can't you just answer the question, instead of being defensive about

it? Maybe the response after that would show you why he was asking...

He was probably wondering if the file could be copied locally on a schedule, so that ASP had access to it locally. Then you don't have to change
permissions and deal with an app having access to important shares.

You should look into DFS, perhaps.

Jul 22 '05 #12
Then you're going to have to set IIS to run that application/virtual
directory/site as a domain authenticated user instead of IUSR. Again,
http://www.aspfaq.com/show.asp?id=2168 tells you how to change the user that
IIS impersonates. You should read through it.

--
http://www.aspfaq.com/
(Reverse address to reply.)


"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:#7*************@TK2MSFTNGP15.phx.gbl...
I can't move to local that text file.

I have to access remotely to that file by using an asp file publish on a web server.

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...
I can't understand why you want to know this kind of information.


Why can't you just answer the question, instead of being defensive about

it?
Maybe the response after that would show you why he was asking...

He was probably wondering if the file could be copied locally on a

schedule,
so that ASP had access to it locally. Then you don't have to change
permissions and deal with an app having access to important shares.

You should look into DFS, perhaps.


Jul 22 '05 #13
"Aaron [SQL Server MVP]" wrote in message
news:ew**************@tk2msftngp13.phx.gbl...
:> I can't understand why you want to know this kind of information.
:
: Why can't you just answer the question, instead of being defensive about
it?
: Maybe the response after that would show you why he was asking...
:
: He was probably wondering if the file could be copied locally on a
schedule,
: so that ASP had access to it locally. Then you don't have to change
: permissions and deal with an app having access to important shares.
:
: You should look into DFS, perhaps.

You were right on the money.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
Jul 22 '05 #14
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
:I can't understand why you want to know this kind of information.
:
: That file could be access a lot of time in some days and just a few in
other
: ones
:
: >
: > How often does it need to be accessed and how updated does the data need
: to
: > be?
: >

To not be able to open up security, you could use WSH to make the file
available locally so the user could access it with the rights they have
right now.

I have a service I offer to customers that sign up for it for a product I
have written. Shipping tables update sometimes weekly. It is a annoying
process to update these manually. I have automated the procedure and allow
people to get it from me in the format they need so they don't have to do it
themselves. I pull data from the vendor's web sites with WSH and update
their config.asp file. This file is scheduled with AT. It works well.

If you are unable to do something similar then, as Aaron said, you're going
to have open up your security so the users have access.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp


Jul 22 '05 #15
> The authentication inside asp file is made only with domain user. By
this domain users I can manually access to tha text file, but my web
server can not.
This is the classic "double hop" scenario. Integrated Authentication(NTLM)
does not support "double hop" because the web server is not authorized to do
so.

Authentication choices that allow double hop include:
1. Basic
2. Integrated Authentication(Kerberos)
3. Custom Authentication that mimics #1 or #2 in principle
4. Protocol Transition from (Whatever)->Kerberos

The following URL should have the necessary pointers to set this up. It
talks about things in terms of a UNC vdir, but it is really not much
different than an ASP page accessing a UNC share.

http://www.microsoft.com/technet/pro.../remstorg.mspx

I believe IIS5 supports choices #1, #2, and #3.

FYI: There is a difference between using the domain user to manually access
the text file and having the domain user login to the web server and use the
web server access the text file using the domain user's identity. Namely,
when the domain user manually accesses the text file, they are directly
doing this action (no delegation through third party). Meanwhile, with a web
server, the user only authenticates to the web server and can touch objects
on that server as themselves; the web server does not have permissions to
access other network resources on behalf of the user. If this looks
illogical to you, consider when a user accesses your webserver, whether your
web server should be allowed to withdraw money from their bank's remote
server as the user (instead of copying a file to a remote server as the
user). The two actions are identical from a networking/trust perspective,
but one action is clearly ok while the other is not ok. The reason that it
is not ok is the reason your current ASP page is failing.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:u2**************@TK2MSFTNGP15.phx.gbl...
Your solution is formally correct but it's doesn't solve completly my
problem.

I've an asp file inside a virtual directory with necessary only Windows
Integrated Authentication enabled. That file have to access to text file
inside another host member of the same NT domain.

The authentication inside asp file is made only with domain user. By this
domain users I can manually access to tha text file, but my web server can
not.

Does my web server always access to text file on network share only by using
IUSR_webserver user ?

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:Og**************@TK2MSFTNGP14.phx.gbl...
He is not trying to access an Access file but rather a text file.


The problem is still the same. IUSR cannot touch a text for the same
reasons it can't touch an MDB file... the other machine doesn't know who

he is!
I think the problem is using an administrative share. c$, rather than a public
share.


Yes, this definitely part of the problem. The only way you could have C$

be used is if you add WebServer\IUSR_WebServer to the local admin group on the server web21bcklab ... not exactly a recommended approach, but I guess it
depends on the environment. I'd prefer to have public shares explicitly
granted access than suddenly give IUSR carte blanche over the whole server.
A


Jul 22 '05 #16
The solution described in your url is formally correct, but it is not
suitable to my problem.

My text file must be accessed only by an ASP file or application that use
only Integrated Windows Authentication.

Your solution is correct but it uses Anonymous Access.

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:%2***************@TK2MSFTNGP14.phx.gbl...
Then you're going to have to set IIS to run that application/virtual
directory/site as a domain authenticated user instead of IUSR. Again,
http://www.aspfaq.com/show.asp?id=2168 tells you how to change the user that IIS impersonates. You should read through it.

--
http://www.aspfaq.com/
(Reverse address to reply.)

Jul 22 '05 #17
your suggestion is correct but now I've got this strange problem.

When I use my asp page (try.asp) to access the text file by this url
http://IIS_WebServerName/try.asp, it is all right, but when I use this url
http://IIS_WebServerName.DomainName.Ext/try.asp , I obtain the usual error:
my asp page can't access the text file.

Can you still help me?
"David Wang [Msft]" <so*****@online.microsoft.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
The authentication inside asp file is made only with domain user. By
this domain users I can manually access to tha text file, but my web
server can not.
This is the classic "double hop" scenario. Integrated

Authentication(NTLM) does not support "double hop" because the web server is not authorized to do so.

Authentication choices that allow double hop include:
1. Basic
2. Integrated Authentication(Kerberos)
3. Custom Authentication that mimics #1 or #2 in principle
4. Protocol Transition from (Whatever)->Kerberos

The following URL should have the necessary pointers to set this up. It
talks about things in terms of a UNC vdir, but it is really not much
different than an ASP page accessing a UNC share.

http://www.microsoft.com/technet/pro.../remstorg.mspx
I believe IIS5 supports choices #1, #2, and #3.

Jul 22 '05 #18
David Wang, your suggestion is correct but now I've got this strange
problem.

When I use my asp page (try.asp) to access the text file by this url
http://IIS_WebServerName/try.asp, it is all right, but when I use this url
http://IIS_WebServerName.DomainName.Ext/try.asp , I obtain the usual error:
my asp page can't access the text file.

Can you still help me?
Jul 22 '05 #19
This is most likely a browser-side issue. For example, IE authenticates
differently depending on whether the server name has dots in it or not (it
treats it as different zones).

IIS does not alter behavior based on server name (unless you configured host
header and DNS incorrectly or have server-side application that alters
behavior based on SERVER_NAME server variable). It is just another
identifier as far as IIS is concerned.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
your suggestion is correct but now I've got this strange problem.

When I use my asp page (try.asp) to access the text file by this url
http://IIS_WebServerName/try.asp, it is all right, but when I use this url
http://IIS_WebServerName.DomainName.Ext/try.asp , I obtain the usual error:
my asp page can't access the text file.

Can you still help me?
"David Wang [Msft]" <so*****@online.microsoft.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
The authentication inside asp file is made only with domain user. By
this domain users I can manually access to tha text file, but my web
server can not.
This is the classic "double hop" scenario. Integrated

Authentication(NTLM) does not support "double hop" because the web server is not authorized to do so.

Authentication choices that allow double hop include:
1. Basic
2. Integrated Authentication(Kerberos)
3. Custom Authentication that mimics #1 or #2 in principle
4. Protocol Transition from (Whatever)->Kerberos

The following URL should have the necessary pointers to set this up. It
talks about things in terms of a UNC vdir, but it is really not much
different than an ASP page accessing a UNC share.

http://www.microsoft.com/technet/pro.../remstorg.mspx
I believe IIS5 supports choices #1, #2, and #3.



Jul 22 '05 #20
It's an automatic trust within the local network, but not the same when the
domain name is out in the wild. This is what zones are for.

You may have to have your users add the .domainname.ext domain to their
local/trusted zone, or seek another workaround.

--
http://www.aspfaq.com/
(Reverse address to reply.)


"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:OQ**************@TK2MSFTNGP14.phx.gbl...
David Wang, your suggestion is correct but now I've got this strange
problem.

When I use my asp page (try.asp) to access the text file by this url
http://IIS_WebServerName/try.asp, it is all right, but when I use this url
http://IIS_WebServerName.DomainName.Ext/try.asp , I obtain the usual error: my asp page can't access the text file.

Can you still help me?

Jul 22 '05 #21
when I use url WITH domain specification IE loads it inside Internet
Security Zone, while when I use url WITHOUT domain specification it's loaded
inside Intranet Security Zone.

So I've tried adding the host with domain specification inside Trusted Sites
Security Zone and now my asp page works properly.

I've found the solution but I can't understand the reason, or better, I
couldn't found which option inside Security Option panel has solved my
problem.

Any idea ?

"David Wang [Msft]" <so*****@online.microsoft.com> wrote in message
news:u6**************@TK2MSFTNGP12.phx.gbl...
This is most likely a browser-side issue. For example, IE authenticates
differently depending on whether the server name has dots in it or not (it
treats it as different zones).

IIS does not alter behavior based on server name (unless you configured host header and DNS incorrectly or have server-side application that alters
behavior based on SERVER_NAME server variable). It is just another
identifier as far as IIS is concerned.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights. //
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
your suggestion is correct but now I've got this strange problem.

When I use my asp page (try.asp) to access the text file by this url
http://IIS_WebServerName/try.asp, it is all right, but when I use this url
http://IIS_WebServerName.DomainName.Ext/try.asp , I obtain the usual error: my asp page can't access the text file.

Can you still help me?
"David Wang [Msft]" <so*****@online.microsoft.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
The authentication inside asp file is made only with domain user. By
this domain users I can manually access to tha text file, but my web
server can not.
This is the classic "double hop" scenario. Integrated

Authentication(NTLM)
does not support "double hop" because the web server is not authorized to do
so.

Authentication choices that allow double hop include:
1. Basic
2. Integrated Authentication(Kerberos)
3. Custom Authentication that mimics #1 or #2 in principle
4. Protocol Transition from (Whatever)->Kerberos

The following URL should have the necessary pointers to set this up. It
talks about things in terms of a UNC vdir, but it is really not much
different than an ASP page accessing a UNC share.

http://www.microsoft.com/technet/pro.../remstorg.mspx
I believe IIS5 supports choices #1, #2, and #3.


Jul 22 '05 #22
How you can see into my last reply to David Wang, I've verified what you
have wrtitten and I've found another workaround but I can't understand
because that workaround is correct.
Can you read that post and still help me ?

Another question about your solution: where have I to add domain information
? insiede domain users profile on Domain Server ?

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:OJ**************@TK2MSFTNGP09.phx.gbl...
It's an automatic trust within the local network, but not the same when the domain name is out in the wild. This is what zones are for.

You may have to have your users add the .domainname.ext domain to their
local/trusted zone, or seek another workaround.

--
http://www.aspfaq.com/
(Reverse address to reply.)

Jul 22 '05 #23
I believe IE has some hardcoded behavior that treats names differently
depending on whether it has dots or not. The thing that changed is probably
its authentication/auto-logon behavior.

As to how it affects usage of Integrated Authentication -- maybe IE has code
in it that thinks "Integrated Authentication should not work over the
Internet" (because it usually does not). Sorry, dunno much more about IE
other than superficial observations of IE behavior from the outside.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:uI**************@TK2MSFTNGP12.phx.gbl...
when I use url WITH domain specification IE loads it inside Internet
Security Zone, while when I use url WITHOUT domain specification it's loaded
inside Intranet Security Zone.

So I've tried adding the host with domain specification inside Trusted Sites
Security Zone and now my asp page works properly.

I've found the solution but I can't understand the reason, or better, I
couldn't found which option inside Security Option panel has solved my
problem.

Any idea ?

"David Wang [Msft]" <so*****@online.microsoft.com> wrote in message
news:u6**************@TK2MSFTNGP12.phx.gbl...
This is most likely a browser-side issue. For example, IE authenticates
differently depending on whether the server name has dots in it or not (it
treats it as different zones).

IIS does not alter behavior based on server name (unless you configured host header and DNS incorrectly or have server-side application that alters
behavior based on SERVER_NAME server variable). It is just another
identifier as far as IIS is concerned.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights. //
"Lamberti Fabrizio" <lambu@from_italy.it> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
your suggestion is correct but now I've got this strange problem.

When I use my asp page (try.asp) to access the text file by this url
http://IIS_WebServerName/try.asp, it is all right, but when I use this url
http://IIS_WebServerName.DomainName.Ext/try.asp , I obtain the usual error: my asp page can't access the text file.

Can you still help me?
"David Wang [Msft]" <so*****@online.microsoft.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
The authentication inside asp file is made only with domain user. By
this domain users I can manually access to tha text file, but my web
server can not.
This is the classic "double hop" scenario. Integrated

Authentication(NTLM)
does not support "double hop" because the web server is not authorized to do
so.

Authentication choices that allow double hop include:
1. Basic
2. Integrated Authentication(Kerberos)
3. Custom Authentication that mimics #1 or #2 in principle
4. Protocol Transition from (Whatever)->Kerberos

The following URL should have the necessary pointers to set this up. It
talks about things in terms of a UNC vdir, but it is really not much
different than an ASP page accessing a UNC share.

http://www.microsoft.com/technet/pro.../remstorg.mspx
I believe IIS5 supports choices #1, #2, and #3.



Jul 22 '05 #24

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Yama | last post: by
2 posts views Thread by Tom Wells | last post: by
reply views Thread by Salome Sato | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.