467,870 Members | 1,515 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 467,870 developers. It's quick & easy.

impersonation and accessing remote folder

Hello all,

I am attempting to access a remote folder from an asp.net application (all
within the same domain). The application is configured for windows
authentication in IIS and the asp.net worker process runs as the local
ASP.NET account. When the application is about to access the remote folder I
switch the security context to the remote user programmatically, then switch
it back afterwards. When I run the application on my local system where I do
my development, it works fine. When I run the application from the server,
access to the remote folder is denied. I have verifed the security context
switches to the remote user prior to accessing the remote folder and that
the user has been granted access to the folder, so I am not sure why access
is denied. See the code below. This seems to be the accepted method to do
this, so what am I missing? Any suggestions are greatly appreciated.

Jon

Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext

Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

impersonationContext = currentWindowsIdentity.Impersonate()

'Access remote folder here and load a data table with file info

impersonationContext.Undo()

Nov 18 '05 #1
  • viewed: 2556
Share:
2 Replies
Hi Jon:

Are you impersonating or logging in the user? If it is impersonation,
then NTLM does not support double-hop impersonations (meaning that
once passed to the IIS server, the same credentials cannot be passed
to a remote server to access a folder).

One way around this is to use kerberos delegation:
http://msdn.microsoft.com/library/de...delegation.asp

--
Scott
http://www.OdeToCode.com

On Fri, 23 Jul 2004 16:47:19 -0400, "Jon L. Lovesky"
<jo**@willowrunfoods.com> wrote:
Hello all,

I am attempting to access a remote folder from an asp.net application (all
within the same domain). The application is configured for windows
authentication in IIS and the asp.net worker process runs as the local
ASP.NET account. When the application is about to access the remote folder I
switch the security context to the remote user programmatically, then switch
it back afterwards. When I run the application on my local system where I do
my development, it works fine. When I run the application from the server,
access to the remote folder is denied. I have verifed the security context
switches to the remote user prior to accessing the remote folder and that
the user has been granted access to the folder, so I am not sure why access
is denied. See the code below. This seems to be the accepted method to do
this, so what am I missing? Any suggestions are greatly appreciated.

Jon

Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCon text

Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

impersonationContext = currentWindowsIdentity.Impersonate()

'Access remote folder here and load a data table with file info

impersonationContext.Undo()


Nov 18 '05 #2
Thanks for the feedback Scott. I am impersonating the user. The server and
client in this case are both on the same domain, all Windows 2000. According
to the referenced article, this means that kerberos is used. Is there any
way to verify this?

Jon

"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:5f********************************@4ax.com...
Hi Jon:

Are you impersonating or logging in the user? If it is impersonation,
then NTLM does not support double-hop impersonations (meaning that
once passed to the IIS server, the same credentials cannot be passed
to a remote server to access a folder).

One way around this is to use kerberos delegation:
http://msdn.microsoft.com/library/de...delegation.asp
--
Scott
http://www.OdeToCode.com

On Fri, 23 Jul 2004 16:47:19 -0400, "Jon L. Lovesky"
<jo**@willowrunfoods.com> wrote:
Hello all,

I am attempting to access a remote folder from an asp.net application (allwithin the same domain). The application is configured for windows
authentication in IIS and the asp.net worker process runs as the local
ASP.NET account. When the application is about to access the remote folder Iswitch the security context to the remote user programmatically, then switchit back afterwards. When I run the application on my local system where I domy development, it works fine. When I run the application from the server,access to the remote folder is denied. I have verifed the security contextswitches to the remote user prior to accessing the remote folder and that
the user has been granted access to the folder, so I am not sure why accessis denied. See the code below. This seems to be the accepted method to do
this, so what am I missing? Any suggestions are greatly appreciated.

Jon

Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCon text

Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

impersonationContext = currentWindowsIdentity.Impersonate()

'Access remote folder here and load a data table with file info

impersonationContext.Undo()

Nov 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by CJ | last post: by
7 posts views Thread by Bonj | last post: by
6 posts views Thread by Philip Lee | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.