 |
|
|
|
Next: IIS Application Mappings problem
|
| Author |
Message |
External
Since: Jun 04, 2007
Posts: 9
|
(Msg. 1) Posted: Mon Jun 04, 2007 8:49 am
Post subject: digest authentication on virtual (networked) directories
Archived from groups: microsoft>public>inetserver>iis (more info?)
|
|
|
I'm using digest authentication for access to our intranet and it's
working perfectly when the directories are local to the webserver.
If I add a virtual directory that points to a directory on another
machine (\\server\share\directory etc.), digest authentication no
longer works...
....unless I add NETWORK to the directory's ACL list... but when I do
that any user with a valid AD account can log on to the directory and
the share level ACLs no longer have any effect...
If I don't have NETWORK in the ACL list, I get a prompt for
authentication 3 times, then a "you are not authorized... etc." error
message.
Looking through the Security Event log on the web server give me three
entries saying the my logon request was successfull, but it seems to
be falling over between webserver and network share.
Anyone have any ideas???
Many thanks in advance,
cw |
|
| Back to top |
|
 | |
External
Since: Jun 04, 2007
Posts: 9
|
(Msg. 2) Posted: Tue Jun 05, 2007 2:32 am
Post subject: Re: digest authentication on virtual (networked) directories [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On 4 Jun, 16:49, cw1972 wrote:
> I'm using digest authentication for access to our intranet and it's
> working perfectly when the directories are local to the webserver.
>
> If I add a virtual directory that points to a directory on another
> machine (\\server\share\directory etc.), digest authentication no
> longer works...
>
> ...unless I add NETWORK to the directory's ACL list... but when I do
> that any user with a valid AD account can log on to the directory and
> the share level ACLs no longer have any effect...
>
> If I don't have NETWORK in the ACL list, I get a prompt for
> authentication 3 times, then a "you are not authorized... etc." error
> message.
>
> Looking through the Security Event log on the web server give me three
> entries saying the my logon request was successfull, but it seems to
> be falling over between webserver and network share.
>
> Anyone have any ideas???
>
> Many thanks in advance,
>
> cw
more info from the webservers Security Event Log - this is what is
logged after 3 logon attempts - all are reported as successfull logons
but I never get access to the virtual directory:
Logon attempt by: WDigest
Logon account: username
Source Workstation: SERVER
Error Code: 0x0
Special privileges assigned to new logon:
User Name: username
Domain: DOMAIN
Logon ID: (0x0,0x27DBD9E)
Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
SeEnableDelegationPrivilege
uccessful Network Logon:
User Name: username
Domain: DOMAIN
Logon ID: (0x0,0x27DBD9E)
Logon Type: 3
Logon Process: WDIGEST
Authentication Package: WDigest
Workstation Name: -
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.x.x
Source Port: 4463
Logon attempt by: WDigest
Logon account: username
Source Workstation: SERVER
Error Code: 0x0
Special privileges assigned to new logon:
User Name: username
Domain: DOMAIN
Logon ID: (0x0,0x27DC464)
Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
SeEnableDelegationPrivilege
Successful Network Logon:
User Name: username
Domain: DOMAIN
Logon ID: (0x0,0x27DC464)
Logon Type: 3
Logon Process: WDIGEST
Authentication Package: WDigest
Workstation Name: -
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.x.x
Source Port: 4463
So it looks to me that webserver is authenticating me fine, just never
passing on my credentials to the network resource on the virtual
directory. |
|
| Back to top |
|
| |
External
Since: Dec 28, 2010
Posts: 1
|
(Msg. 3) Posted: Mon Dec 27, 2010 8:26 pm
Post subject: Re: Re: digest authentication on virtual (networked) directories [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
same thing happened to me last night. someone asked to use my network but I didnt remember the password so they said they would go piggy back off the library or a network across the street..well after my xbox couldnt connect to my network, I did some investigating of my logs and found the same things...including the impersonation thingy...have I been hacked and what can I do now?
> On Monday, June 04, 2007 11:49 AM cw1972 wrote:
> I'm using digest authentication for access to our intranet and it's
> working perfectly when the directories are local to the webserver.
>
> If I add a virtual directory that points to a directory on another
> machine (\\server\share\directory etc.), digest authentication no
> longer works...
>
> ...unless I add NETWORK to the directory's ACL list... but when I do
> that any user with a valid AD account can log on to the directory and
> the share level ACLs no longer have any effect...
>
> If I don't have NETWORK in the ACL list, I get a prompt for
> authentication 3 times, then a "you are not authorized... etc." error
> message.
>
> Looking through the Security Event log on the web server give me three
> entries saying the my logon request was successfull, but it seems to
> be falling over between webserver and network share.
>
> Anyone have any ideas???
>
> Many thanks in advance,
>
> cw
>> On Tuesday, June 05, 2007 5:32 AM cw1972 wrote:
>> On 4 Jun, 16:49, cw1972 wrote:
>>
>> more info from the webservers Security Event Log - this is what is
>> logged after 3 logon attempts - all are reported as successfull logons
>> but I never get access to the virtual directory:
>>
>> Logon attempt by: WDigest
>> Logon account: username
>> Source Workstation: SERVER
>> Error Code: 0x0
>>
>> Special privileges assigned to new logon:
>> User Name: username
>> Domain: DOMAIN
>> Logon ID: (0x0,0x27DBD9E)
>> Privileges: SeSecurityPrivilege
>> SeBackupPrivilege
>> SeRestorePrivilege
>> SeDebugPrivilege
>> SeSystemEnvironmentPrivilege
>> SeLoadDriverPrivilege
>> SeImpersonatePrivilege
>> SeEnableDelegationPrivilege
>>
>>
>> uccessful Network Logon:
>> User Name: username
>> Domain: DOMAIN
>> Logon ID: (0x0,0x27DBD9E)
>> Logon Type: 3
>> Logon Process: WDIGEST
>> Authentication Package: WDigest
>> Workstation Name: -
>> Logon GUID: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: 192.168.x.x
>> Source Port: 4463
>>
>>
>> Logon attempt by: WDigest
>> Logon account: username
>> Source Workstation: SERVER
>> Error Code: 0x0
>>
>>
>> Special privileges assigned to new logon:
>> User Name: username
>> Domain: DOMAIN
>> Logon ID: (0x0,0x27DC464)
>> Privileges: SeSecurityPrivilege
>> SeBackupPrivilege
>> SeRestorePrivilege
>> SeDebugPrivilege
>> SeSystemEnvironmentPrivilege
>> SeLoadDriverPrivilege
>> SeImpersonatePrivilege
>> SeEnableDelegationPrivilege
>>
>> Successful Network Logon:
>> User Name: username
>> Domain: DOMAIN
>> Logon ID: (0x0,0x27DC464)
>> Logon Type: 3
>> Logon Process: WDIGEST
>> Authentication Package: WDigest
>> Workstation Name: -
>> Logon GUID: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: 192.168.x.x
>> Source Port: 4463
>>
>>
>> So it looks to me that webserver is authenticating me fine, just never
>> passing on my credentials to the network resource on the virtual
>> directory.
>> Submitted via EggHeadCafe
>> Microsoft ASP.NET For Beginners
>> http://www.eggheadcafe.com/training-topic-area/ASP-NET/7/ASP.aspx >> Stay informed about: digest authentication on virtual (networked) directories |
|
| Back to top |
|
| |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Search
Profile
Private Messages
Log in
