Article ID: 191566
Article Last Modified on 6/30/2004
APPLIES TO
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
This article was previously published under Q191566
SYMPTOMS
Active Server Pages (ASP) access to network resources fails if the application is running a Secure Sockets Layer (SSL) session that utilizes a client certificate that is mapped to a Microsoft Windows NT account.
Examples of errors include the following:
- If you use Scripting.FileSystemObject to access a file that is stored on a network share, you receive the following error message:
- If you access a Microsoft Access database on a network server, you receive the following error message:
For additional information on accessing network resources from IIS, click the article number below to view the article in the Microsoft Knowledge Base:
158229 INFO: Security Ramifications for IIS Applications
CAUSE
These errors occur because the Client Certificate Mapping process performs a NETWORK logon when it impersonates the mapped userid. A NETWORK logon disallows access to resources outside of those that exist on the local computer.
RESOLUTION
To work around this issue, move data locally, or do not map your client certificate to a Windows NT account. Other options include using Anonymous or Basic authentication.
Keywords: kbprb KB191566
