Reputation: 756
Access to local resources denied with windows authentication enabled
We have a web application (document management system) running on IIS 7.5 with windows authentication and ASP.Net Impersonation enabled. When a user requests a document, the document is supposed to get cached locally for viewing but users keeps on getting Access to the cache path is denied even though the NTFS is giving them full control to the directory.
The application is running a domain user which is a local admin on that machine and the impersonation is setup to impersonate the authenticated user.
Also, Windows Authentication provider is set to Negotiate and NTLM.
Any help will be much appreciated. Thanks.
Upvotes: 2
Views: 786
Answers (1)
Reputation: 756
The cause of the issue as it turns out is the double hop. The first hop happens when the user is authenticated to the IIS Server but when IIS tries to access a local resource ( second hop), the second hop isn't allowed otherwise developer or admins can abuse your credentials and use them in ways the user doesn't anticipate.
IIS, Windows Authentication and the Double Hop issue
Upvotes: 1
Related Questions
- HTTP Error 401.1 - Unauthorized from Local IIS
- IIS 7.5 Authorization Issue - Network share not accessible
- Windows Authentication not working on local IIS 7.5. Error 401.1
- ASP.NET IIS 7.5 Error, Access Denied
- Access to the path "" is denied
- Windows authentication fail
- Windows Authentication issue in IIS 7.5
- Windows Authentication not working for localhost address in IIS 7.5
- iis 7 \ windows 7 asp.net access is denied
- UnauthorizedAccessException with IIS7