Security

Previous Topic Next Topic

Pass-through to UNC-Shared Web Content

In IIS 5.0 you can set the location of a virtual directory to be on a network computer by using a UNC (Uniform Naming Convention) name such as \\MyServer\WebDocs. See the figure below. (Due to delegation issues in IIS 4.0, you had to provide a user name and password in order to connect to the remote share.)

Setting the User Name/Password to Access Web Content on a UNC resource

This method has some limitations; most notably you cannot use DACLs correctly on the network share. This is because you are essentially using the user account provided in the IIS 5.0 administration tools and not the real user account in order to access the network resource.

IIS 5.0 introduces the ability to pass user information through user accounts, if the underlying authentication scheme supports credential delegation. However, this ability is not in the user interface. The following script will allow user credentials to be passed through to the remote resource on a virtual directory called Content located on the default Web server:

Dim oVdir
Set oVdir = GetObject("IIS://localhost/W3SVC/1/Root/Content")
oVdir.UNCAuthenticationPassThrough = True
oVdir.SetInfo
Set oVdir = Nothing

See Table 9.3 for a list of authentication schemes and whether they will support delegation. If this pass-through option is set and if the authentication scheme you use does not support delegation, the account defined in the Network Directory Security Credentials is used instead.


© 1997-1999 Microsoft Corporation. All rights reserved.