UNC Authentication in IIS 6.0
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
In IIS 6.0, you can use delegation of authentication, a feature of IIS 6.0 and the Windows Server 2003 family, to pass the authenticated credentials of the request user to a remote file server on which a Universal Naming Convention (UNC) share is located. Delegation of authentication, also called UNC authentication, allows virtual directories mapped to remote UNC shares to use local user authentication for access to the shares. This is preferable to the alternative of using a static user name and password, because you can limit access to specific portions of the UNC share for each user or group. Delegation of authentication works only with authentication methods that can perform delegation, for example, Basic authentication or Kerberos authentication.
IIS can be configured to secure a virtual directory as you create it or to configure an existing directory.
This section includes the following information:
Creating a Virtual Directory with a UNC Path Describes how to create a secure virtual directory that uses a UNC path.
Securing an Existing Virtual Directory with a UNC Path Describes how to configure a UNC path to secure an existing virtual directory.
Configuring Constrained Delegation for IIS: Describes how to configure constrained delegation.