Wrong ACL permissions
sevensolutions opened this issue · 8 comments
It looks like ACL permissions are still wrong. They are propagating to "Subfolders and files only" but should be "This folder, subfolders and files".
Another problem: Sometimes i get "Error: Some or all identity references could not be translated."
It looks like we also need to permit IUSR and IIS_IUSRS to make the anonymous user working.
Edit: Ah thats just the default user.
We can change the anonymous identity to use the app pool user instead, via:
<configuration>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication userName="" />
</authentication>
</security>
</system.webServer>
</configuration>
https://stackoverflow.com/questions/4869784/which-one-should-i-use-for-anonymous-user-identity-specific-user-iusr-or
https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/www-authentication-authorization/understanding-identities
I think we need to introduce a setting like "anonymous_authentication" with values "None", "Iusr" and "AppPoolIdentity"
Another problem: Sometimes i get "Error: Some or all identity references could not be translated."
I always get this error when using a target website.
<configuration> <system.webServer> <security> <authentication> <anonymousAuthentication userName="" /> </authentication> </security> </system.webServer> </configuration>
This is not working for me. I get the following error:
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Ah ok.. Thanks for the feedback and sorry for the problems you're facing.
You can try to disable the Directory Security feature by setting directory_security = false
in the driver config (See Readme).
In this case the driver will not change any directory permissions.
I'll think about a solution as soon as i have some free time.
Maybe i'll disable this feature until it's stable enough.
Because of the error:
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
This happens, if the section is locked on server level.
If you want to change that, you go to the root node in your IIS management console, select "Feature Delegation" and then change the section for anonymous auth to "Read/Write".
Another problem: Sometimes i get "Error: Some or all identity references could not be translated."
I always get this error when using a target website.
@ElNinjaNerdT Can you please tell me a little bit about your environment you're testing on?
The following infos would be helpfull:
- driver.iis.iis_version
- os.name
- os.version
You can find them in the Web UI under Cluster > Clients
With the 0.8.0 release everything is working now as expected.
It works now even without setting anonymous authentication.
Thanks for your fast support.
@ElNinjaNerdT You're welcome. Thx for the response.
In version 0.8. i've changed this a bit to match the IIS default. I didn't know about the IUSR-user which is needed for anonymous auth because i don't really use it.
Glad to hear that your problem is solved. If you find this driver helpful, please leave a star on github. :)