Snitz Forums 2000
 Permissions Problem Help

davemaxwell
Access 2000 Support Moderator

USA
3020 Posts

Posted - 29 August 2003 :  08:06:30
I posted this at another forum but thought I'd throw it out here as well and try to get the answer the fastest way possible...

I've got a permission problem I hope y'all can help me out with. We've been playing with it for two days with no success.

We have three different machines involved. One is the webserver (Win2K SP4, IIS 5.0), one is the database (Oracle8i) and the file repository. We are using the FileSystemObject to get the file (TIFF images) based on the directory info pulled from the Oracle database.

When the machines were hooked up independently and running w/ anonymous access with simultaneous users, it works fine. When we hooked them up to the Domain but still used anonymous access, it still works fine. When we removed the anonymous access and used the integrated windows authorization, if we access the website via the browser right on the webserver, we can access the image. If we try to access the website via the browser via any other machine, we get a file not found from the retrieval script.

We've tried reassigning who's running the web service and the COM+ service to use a domain-level user.

We're also being forced to run the website in the low pool, which we'd really like to get back up to medium.

Any ideas on where to start?

Dave Maxwell
Barbershop Harmony Freak

Doug G
Support Moderator

USA
6493 Posts

Posted - 29 August 2003 :  11:09:44
If it helps, afaik when you remove anonymous access IIS will impersonate the logged-in user. Maybe the login user doesn't have permission to the files?

======
Doug G
======
Computer history and help at www.dougscode.com

davemaxwell
Access 2000 Support Moderator

USA
3020 Posts

Posted - 29 August 2003 :  11:50:28
You're right in that IIS impersonates the user logged in. In this case, the user has permission on the files (we used the same user we were using for anonymous just to eliminate that possibility).

I did find a snippet on MSDN that if we use Windows Integrated Authentication, we can't access remote resources because of delegation. There is supposed to be a way around it by enabling delegation, but the link on the page I started from didn't work. Searching MSDN can be so much fun

Go figure, the most secure option is the one that has the least capabilities. Grrrr.....

Dave Maxwell
Barbershop Harmony Freak

Edited by - davemaxwell on 29 August 2003 11:51:31
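
A diagnostic page for the symptom discussed above, added here as an example and not code from any poster in the thread. It reports how the request was authenticated and whether the FileSystemObject can see a file on the remote share; `TEST_PATH` is a constructed placeholder and the hint strings are this example's own interpretation.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added diagnostic sketch, not code from the thread.
' TEST_PATH is a constructed placeholder: set it to a file on the repository share.
Const TEST_PATH = "\\FILESERVER\images\sample.tif"

Dim authType, logonUser, isLocalBrowser, fso, found, hint

' AUTH_TYPE is empty for anonymous requests, otherwise Basic, NTLM or Negotiate.
authType  = CStr(Request.ServerVariables("AUTH_TYPE"))
logonUser = CStr(Request.ServerVariables("LOGON_USER"))
' Same address on both ends means the browser is running on the web server itself.
isLocalBrowser = (CStr(Request.ServerVariables("REMOTE_ADDR")) = _
                  CStr(Request.ServerVariables("LOCAL_ADDR")))

' FileExists returns False both when the file is missing and when the
' identity the request runs under cannot reach the share, so a refused
' second hop shows up as "file not found" rather than as an error.
Set fso = Server.CreateObject("Scripting.FileSystemObject")
found = fso.FileExists(TEST_PATH)
Set fso = Nothing

If found Then
    hint = "The request identity can read the share."
ElseIf authType = "" Then
    hint = "Anonymous request: check the anonymous account's rights on the share."
ElseIf UCase(authType) = "BASIC" Then
    hint = "Basic hands the server the password, so the hop is possible: " & _
           "check the path and the share/NTFS permissions."
ElseIf isLocalBrowser Then
    hint = "Browser is on the web server: check the path and the share/NTFS permissions."
Else
    hint = "Integrated authentication from a remote browser: consistent with " & _
           "the delegation limit described in the thread."
End If

Response.Write "<pre>"
Response.Write "AUTH_TYPE     : " & Server.HTMLEncode(authType) & vbCrLf
Response.Write "LOGON_USER    : " & Server.HTMLEncode(logonUser) & vbCrLf
Response.Write "Local browser : " & CStr(isLocalBrowser) & vbCrLf
Response.Write "FileExists    : " & CStr(found) & vbCrLf
Response.Write "Hint          : " & Server.HTMLEncode(hint) & vbCrLf
Response.Write "</pre>"
%>
```

Requesting the page once from the server's own browser and once from another machine, with the same account, gives a side-by-side view of the two cases the first post describes.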

Nikkol
Forum Moderator

USA
6907 Posts

Posted - 29 August 2003 :  19:19:59
What happens if you use Basic rather than Windows Integrated?

Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~

davemaxwell
Access 2000 Support Moderator

USA
3020 Posts

Posted - 29 August 2003 :  19:48:28
quote:
Originally posted by Nikkol

What happens if you use Basic rather than Windows Integrated?



That works fine, but they want to use WA because of the enhanced hashing.

Government work. Gotta love it...

Dave Maxwell
Barbershop Harmony Freak

Doug G
Support Moderator

USA
6493 Posts

Posted - 29 August 2003 :  19:52:16
Using Windows Authentication only in IIS does limit you to IE only browsers, I think.

======
Doug G
======
Computer history and help at www.dougscode.com

davemaxwell
Access 2000 Support Moderator

USA
3020 Posts

Posted - 29 August 2003 :  22:17:34
quote:
Originally posted by Doug G

Using Windows Authentication only in IIS does limit you to IE only browsers, I think.




That's OK in this instance (though I'm not sure that's true - will have to try on Tuesday when I get back to work)

Dave Maxwell
Barbershop Harmony Freak