473,804 Members | 3,745 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

When impersonation doesn't seem to work

Hi all,

I am trying to access folders on an Active Directory network share in
my ASP code.

In my config file I have the following:

<identity impersonate="tr ue" userName="OURDO MAIN\myusername "
password="mypas s"/>

I am able to access the share through other means so I know my user
account has access, but I still get the following error when I try
through my code:

"ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}\ASPNE T on IIS 5 or Network Service on IIS 6) that is used if
the application is not impersonating. If the application is
impersonating via <identity impersonate="tr ue"/>, the identity will be
the anonymous user (typically IUSR_MACHINENAM E) or the authenticated
request user. "

Any help?
Nov 18 '05 #1
4 1313
Yeah, that can be tricky. Maybe set <authenticati on mode="Windows" /> and
turn off anonymous access. You may also need to grant "Act as part of the
operating system" privilege to the ASPNET account.

If the above doesn't work, try instead creating a COM object that accesses
the share, put that COM object into a COM+ Server Application, & run that
application under your username. Or if you're on Windows 2003, you can
create a new Application Pool, run it under your account, then set your
virtual directory to use that pool instead of the default pool.

I tried to jot down a few other ideas on a web page for my own reference...

http://www.developmentnow.com/blog/2...in-aspnet.html

--
Ben Strackany
www.developmentnow.com

<a href="http://www.development now.com">dn</a>
"Garrett" <ag*******@hotm ail.com> wrote in message
news:3a******** *************** **@posting.goog le.com...
Hi all,

I am trying to access folders on an Active Directory network share in
my ASP code.

In my config file I have the following:

<identity impersonate="tr ue" userName="OURDO MAIN\myusername "
password="mypas s"/>

I am able to access the share through other means so I know my user
account has access, but I still get the following error when I try
through my code:

"ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}\ASPNE T on IIS 5 or Network Service on IIS 6) that is used if
the application is not impersonating. If the application is
impersonating via <identity impersonate="tr ue"/>, the identity will be
the anonymous user (typically IUSR_MACHINENAM E) or the authenticated
request user. "

Any help?

Nov 18 '05 #2
Before elevating privileges, turn on some auditing and see what
identity is actually reaching the folder.

http://www.pluralsight.com/keith/boo...ileaccess.html

Also, what's the exact line of code throwing the exception? Are there
any COM components involved?

--
Scott
http://www.OdeToCode.com/blogs/scott/

On 1 Dec 2004 12:05:32 -0800, ag*******@hotma il.com (Garrett) wrote:
Hi all,

I am trying to access folders on an Active Directory network share in
my ASP code.

In my config file I have the following:

<identity impersonate="tr ue" userName="OURDO MAIN\myusername "
password="mypa ss"/>

I am able to access the share through other means so I know my user
account has access, but I still get the following error when I try
through my code:

"ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}\ASPN ET on IIS 5 or Network Service on IIS 6) that is used if
the application is not impersonating. If the application is
impersonatin g via <identity impersonate="tr ue"/>, the identity will be
the anonymous user (typically IUSR_MACHINENAM E) or the authenticated
request user. "

Any help?


Nov 18 '05 #3
your asp.net thread should be ok, but if you use an sta com object you are
in trouble, because the com object will not use the same thread. you can set
aspcat if its a web page, or create an sta thread (which will need to do its
own impersonation) to call the com component.

-- bruce (sqlwork.com)
"Garrett" <ag*******@hotm ail.com> wrote in message
news:3a******** *************** **@posting.goog le.com...
| Hi all,
|
| I am trying to access folders on an Active Directory network share in
| my ASP code.
|
| In my config file I have the following:
|
| <identity impersonate="tr ue" userName="OURDO MAIN\myusername "
| password="mypas s"/>
|
| I am able to access the share through other means so I know my user
| account has access, but I still get the following error when I try
| through my code:
|
| "ASP.NET is not authorized to access the requested resource. Consider
| granting access rights to the resource to the ASP.NET request
| identity. ASP.NET has a base process identity (typically
| {MACHINE}\ASPNE T on IIS 5 or Network Service on IIS 6) that is used if
| the application is not impersonating. If the application is
| impersonating via <identity impersonate="tr ue"/>, the identity will be
| the anonymous user (typically IUSR_MACHINENAM E) or the authenticated
| request user. "
|
| Any help?
Nov 18 '05 #4
I got it figured out, thanks for the help guys
Nov 18 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
10014
Impersonation
by: Ripa Horatiu | last post by:
Does anyone knows how can I impersonate to another user (basically Administrator) for a piece of my code? I've tried the samples provided by MS but they didn't worked. -- Horatiu Ripa
C# / C Sharp
4
1454
Impersonation in ASP.NET
by: Bonj | last post by:
Hi I would like to know how to use impersonation, in order to write to a file on a network share. The user will be logging on to this web app, and will then click a button which will write to a file on the network share. Currently though, I am getting permissions errors. I don't want to set identity impersonate = "true" because I gather that exposes security weaknesses. Rather, I would like the user to have to actually enter their windows...
C# / C Sharp
5
555
C# call to C++ static class raises NullReferenceException when web.config gets modifided
by: AAguiar | last post by:
I have an asp.net project where the code behind the aspx page calls a c# class which makes calls to a managed static C++ class. The C# class works fine when the asp net worker process starts, when it is invoked by pressing "F5", or when the web.config file is modified. In all these cases the web.config file contains <identity impersonate="false" />. The mysterious problem arrises when I set <identity impersonate="true"/> in the...
ASP.NET
3
6515
Machine.Config -- ProcessModel vs Identity Impersonation
by: Wm. Scott Miller | last post by:
What is the difference between using a username and password in the processmodel section vs using one in impersonation in the machine.config file? What are the advantages of each and what are the reasons for using each? Thanks for any replies, Scott
ASP.NET
1
1170
user impersonation
by: Itai Raz | last post by:
This used to work for us under Windows 2000 server, but doesn't seem to work with Windows 2003. We are accessing an SQL Server using integrated security from ASP.Net. For some reason it seems like the user that ASP.Net is using to connect to the DB is domain\machineName$. I don't understand why that is, since I have an account set up for the IIS app to run under, and i have impersonation set to true in the web.config file for the app....
ASP.NET
0
262
is vb.net impersonating impersonation?
by: h | last post by:
Hello all, Scenario: I have developed a vb.net windows service to log on to exchange via impersonation. Exchange system is version 2000 on WIndows 2000. Development platform win xp framework 1.1 I am trying to get vb.net to impersonate a user. I have found several examples, and all of them seem to use the logonuser/duplicatetoken functions from advapi32.
Visual Basic .NET
3
1578
Question on impersonation
by: Jake Smythe | last post by:
Hello, I have some code that impersonates a user upon launching of the application. We now have the need to run some command line items. The impersonation doesn't seem to pass to the commands being run. Is there a way to do this? Basically looking for a way do a runas on a command line through an application. Thanks in advance. Below is some sample code, where we need to impersonate an admin to run command line code. Private Sub test
Visual Basic .NET
3
1477
Why Must Impersonation be Used?
by: headware | last post by:
We have a web app that is running under Integrated Windows Authentication. It must consume to a web service we are publishing on another server, also running under Integrated Windows Authentication. In order to make this work, we have to impersonate a user account with access to the web service and set the Credential property on the web service proxy object to DefaultCredentials before we actually make the web service call. If we don't...
.NET Framework
4
2333
Occasional SecurityException when impersonating a user on a new thread
by: =?iso-8859-1?q?Eir=EDkur_Fannar_Torfason?= | last post by:
I'm wrestling with a problem that I'm hoping someone can help me with. I have a web application written in VS.2003 and running on version 1.1 of the .NET Framework on XP pro and Windows server 2003 that connects to a SQL server database and authenticates itself using windows authentication. The web application is configured to impersonate a local user account that has been granted access to the database. Here's the impersonation snip...
ASP.NET
0
10583
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10337
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
10082
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
9160
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
0
6854
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5525
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5654
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4301
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3822
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us