2
votes

We have a web application (a document management system) running on IIS 7.5 with Windows Authentication and ASP.NET Impersonation enabled. When a user requests a document, the document is supposed to get cached locally for viewing, but users keep getting "Access to the cache path is denied" even though NTFS is giving them full control of the directory.

The application is running as a domain user which is a local admin on that machine, and impersonation is set up to impersonate the authenticated user.

Also, the Windows Authentication provider is set to Negotiate and NTLM.

Any help will be much appreciated. Thanks.

1
Have you tried adding IUSR_<MachineName> to have access to the folder/files? - pinoy_ISF
IUSR_<MachineName> doesn't exist. But I already had IUSR and IIS_IUSRS added with full control. - Alaeddin Hussein

1 Answer

1
votes

The cause of the issue, as it turns out, is the double hop. The first hop happens when the user is authenticated to the IIS server, but when IIS tries to access a local resource (the second hop), the second hop isn't allowed; otherwise developers or admins could abuse your credentials and use them in ways the user doesn't anticipate.

IIS, Windows Authentication and the Double Hop issue