473,473 Members | 2,134 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

impersonation and accessing remote folder

Hello all,

I am attempting to access a remote folder from an asp.net application (all
within the same domain). The application is configured for windows
authentication in IIS and the asp.net worker process runs as the local
ASP.NET account. When the application is about to access the remote folder I
switch the security context to the remote user programmatically, then switch
it back afterwards. When I run the application on my local system where I do
my development, it works fine. When I run the application from the server,
access to the remote folder is denied. I have verifed the security context
switches to the remote user prior to accessing the remote folder and that
the user has been granted access to the folder, so I am not sure why access
is denied. See the code below. This seems to be the accepted method to do
this, so what am I missing? Any suggestions are greatly appreciated.

Jon

Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext

Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

impersonationContext = currentWindowsIdentity.Impersonate()

'Access remote folder here and load a data table with file info

impersonationContext.Undo()

Nov 18 '05 #1
2 2884
Hi Jon:

Are you impersonating or logging in the user? If it is impersonation,
then NTLM does not support double-hop impersonations (meaning that
once passed to the IIS server, the same credentials cannot be passed
to a remote server to access a folder).

One way around this is to use kerberos delegation:
http://msdn.microsoft.com/library/de...delegation.asp

--
Scott
http://www.OdeToCode.com

On Fri, 23 Jul 2004 16:47:19 -0400, "Jon L. Lovesky"
<jo**@willowrunfoods.com> wrote:
Hello all,

I am attempting to access a remote folder from an asp.net application (all
within the same domain). The application is configured for windows
authentication in IIS and the asp.net worker process runs as the local
ASP.NET account. When the application is about to access the remote folder I
switch the security context to the remote user programmatically, then switch
it back afterwards. When I run the application on my local system where I do
my development, it works fine. When I run the application from the server,
access to the remote folder is denied. I have verifed the security context
switches to the remote user prior to accessing the remote folder and that
the user has been granted access to the folder, so I am not sure why access
is denied. See the code below. This seems to be the accepted method to do
this, so what am I missing? Any suggestions are greatly appreciated.

Jon

Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCon text

Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

impersonationContext = currentWindowsIdentity.Impersonate()

'Access remote folder here and load a data table with file info

impersonationContext.Undo()


Nov 18 '05 #2
Thanks for the feedback Scott. I am impersonating the user. The server and
client in this case are both on the same domain, all Windows 2000. According
to the referenced article, this means that kerberos is used. Is there any
way to verify this?

Jon

"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:5f********************************@4ax.com...
Hi Jon:

Are you impersonating or logging in the user? If it is impersonation,
then NTLM does not support double-hop impersonations (meaning that
once passed to the IIS server, the same credentials cannot be passed
to a remote server to access a folder).

One way around this is to use kerberos delegation:
http://msdn.microsoft.com/library/de...delegation.asp
--
Scott
http://www.OdeToCode.com

On Fri, 23 Jul 2004 16:47:19 -0400, "Jon L. Lovesky"
<jo**@willowrunfoods.com> wrote:
Hello all,

I am attempting to access a remote folder from an asp.net application (allwithin the same domain). The application is configured for windows
authentication in IIS and the asp.net worker process runs as the local
ASP.NET account. When the application is about to access the remote folder Iswitch the security context to the remote user programmatically, then switchit back afterwards. When I run the application on my local system where I domy development, it works fine. When I run the application from the server,access to the remote folder is denied. I have verifed the security contextswitches to the remote user prior to accessing the remote folder and that
the user has been granted access to the folder, so I am not sure why accessis denied. See the code below. This seems to be the accepted method to do
this, so what am I missing? Any suggestions are greatly appreciated.

Jon

Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCon text

Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

impersonationContext = currentWindowsIdentity.Impersonate()

'Access remote folder here and load a data table with file info

impersonationContext.Undo()

Nov 18 '05 #3
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
VB .NET and WMI impersonation
by: CJ | last post by:
Hi anyone. Does anyone know of issues regarding impersonation in VB .NET with regards to accessing remote WMI information? I have a wrapper class which encapsulates various WMI calls, this...
.NET Framework
1
Why the impersonation work in one case and not the other?
by: CyberDigger | last post by:
I have two computers, client and server. The client is running Windows 2000 Professional and is in a workgroup, say "MyWorkgroup". The server is running Windows Server 2003 Standard Edition and...
.NET Framework
3
Great Difficulties Accessing my Database from an FTP site
by: prodirect | last post by:
Hi all, I hope someone can help me. I've recently created a database and wanted to put it up on an ftp sight so that multiple people could access the same tables at the same time from different...
Microsoft Access / VBA
12
Issue with ASP.NET client, COM Interop, and Identity impersonation
by: Anil Krishnamurthy | last post by:
We have an ASP.NET application that uses COM objects through Interop. The web application requires access to network and database resources and hence, needs to impersonate a domain account. The...
.NET Framework
7
impersonation in web application
by: Bonj | last post by:
Hi I made a naff web application which uses the impersonation method in MSDN (can't find it now, but it basically revolves around creating a token by calling the LogonUser API, calling...
ASP.NET
6
Impersonation in remote file server
by: Philip Lee | last post by:
Dear all, How can I access files in remote file server through my ASP.NET application only, but deny all other users? I have added <identity impersonate="true" userName="test"...
ASP.NET
15
ASP.NET -> SQL Server : Impersonation not working!
by: Patrick | last post by:
I set my web.config as follows: <authentication mode="Windows" /> <identity impersonate="true" /> Logon to my ASP.NET website as a user who can authenticate to the target database. 1) Works...
ASP.NET
8
Impersonation for accessing network resources?
by: Ben Fidge | last post by:
Hi I have a small WinForms app that needs to copy files from a shared drive on a network. If I connect to the mapped drive using Explorer, a password dialog pops-up and I have to provide...
C# / C Sharp
4
Accessing .mdb data from a remote computer on a non asp application
by: Noy B | last post by:
Hi, I have developed a small application that is using a MSAccess DB. the problem is that it was developed on a machine where the application and the DB are both located. now it needs to be...
Microsoft Access / VBA
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
1
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
0
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us