Microsoft Office Tutorials and References
In Depth Information
Chapter 8: Security
UNC and HTTP Locations
Excel Services has two ways of determining which credentials to use to authorize the user against a
UNC or HTTP workbook. You can set the File Access Method in the Security section of the Excel
Services administration settings to determine the credentials used.
When you set the File Access Method to Impersonation (as shown in Figure 8-1), the ECS uses the
impersonated user’s credentials to open the file. Impersonation is the default option for this setting. When you
use Impersonation, the authorization is done by the UNC or HTTP location, based on the user’s
permissions to those files.
Use this option if the end user’s credentials are delegated from the WFE to the ECS. This is done when
the WFE and the ECS are deployed to the same machine, or Kerberos-constrained delegation is used
between the WFE and the ECS. If the end user’s credentials are not delegated to the ECS, attempting to
use Impersonation to get the workbook fails.
When you set the File Access Method to Process Account, the ECS opens the file using its own process
account. The file opens if the account under which the ECS process is running has permissions to read
the file, regardless of the end user account. This option is less secure, so you should use it only in cases
when you want to allow all authenticated users access to certain UNC or HTTP files.