Article ID: 214806
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspxFor more information about IIS 7.0, visit the following Microsoft Web site:
When a user sets up a virtual directory that maps a UNC path to a remote computer, Internet Information Server (IIS) or Internet Information Services (IIS) requests a user name and password to create that link to the remote computer. Any attempt to view the content on the virtual directory uses the credentials of the user that was typed in, even if the user was authenticated by IIS.
You can set up IIS 4.0 or IIS 5.0 to pass the user name and password entered for Basic authentication, and use this pass-through authentication to connect to the remote share. Windows NT Challenge/Response authentication is not supported, because it does not send the password for the UNC connection.
To set up pass-through authentication, do the following:
When your users connect and authenticate, the name they type in will be used to connect over the UNC connection to the remote share or content. The Webmaster can now set share-level or NTFS-level permissions, and the user account typed in by the client will be the one used to check against the ACL of these objects.
Note: Any change to this virtual directory in the Internet Service Manager changes the metabase settings above. Therefore, the above steps will need to be performed again.