469,611 Members | 1,978 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,611 developers. It's quick & easy.

Impersonating doesn't work on Win2003

fab
Hello,

i'm trying to browse a UNC share through an ASP.NET application and i've got
a problem :
i've tried some examples from MSDN or other web sites (using LogonUser from
Win32 API) and it works perfectly from my computer (windows XP) but it
doesn't work from a windows2003 server : i've got the famous error 1326 :
Logon failure: unknown user name or bad password. ERROR_LOGON_FAILUREis
there a special configuration for Win2003 ? i've tried to set ASPNET user
account "as part of the operating sysem" in local security policy but it
makes nothing...

thanks in advance.


May 15 '06 #1
5 1933
On Windows user account is "Network Service" and not ASPNET.
"fab" <aa*@aaaa.com> wrote in message
news:e4**********@s1.news.oleane.net...
Hello,

i'm trying to browse a UNC share through an ASP.NET application and i've
got a problem :
i've tried some examples from MSDN or other web sites (using LogonUser
from Win32 API) and it works perfectly from my computer (windows XP) but
it doesn't work from a windows2003 server : i've got the famous error 1326
:
Logon failure: unknown user name or bad password. ERROR_LOGON_FAILUREis
there a special configuration for Win2003 ? i've tried to set ASPNET user
account "as part of the operating sysem" in local security policy but it
makes nothing...

thanks in advance.

May 15 '06 #2
fab
i've also tried "Network Service" for the same result

"Winista" <na*********@hotmail.com> a écrit dans le message de news:
e7**************@TK2MSFTNGP05.phx.gbl...
On Windows user account is "Network Service" and not ASPNET.
"fab" <aa*@aaaa.com> wrote in message
news:e4**********@s1.news.oleane.net...
Hello,

i'm trying to browse a UNC share through an ASP.NET application and i've
got a problem :
i've tried some examples from MSDN or other web sites (using LogonUser
from Win32 API) and it works perfectly from my computer (windows XP) but
it doesn't work from a windows2003 server : i've got the famous error
1326 :
Logon failure: unknown user name or bad password. ERROR_LOGON_FAILUREis
there a special configuration for Win2003 ? i've tried to set ASPNET
user account "as part of the operating sysem" in local security policy
but it makes nothing...

thanks in advance.


May 15 '06 #3
For UNC path...

1. Make sure that you are impersonating as domain account who has rights on
the shares.
2. Make sure that web.config is modified to use impersonation.

Is file server same as web server?
Does your file server allow ASPNET/Network Service account to access the
share?

"fab" <aa*@aaaa.com> wrote in message
news:e4**********@s1.news.oleane.net...
i've also tried "Network Service" for the same result

"Winista" <na*********@hotmail.com> a écrit dans le message de news:
e7**************@TK2MSFTNGP05.phx.gbl...
On Windows user account is "Network Service" and not ASPNET.
"fab" <aa*@aaaa.com> wrote in message
news:e4**********@s1.news.oleane.net...
Hello,

i'm trying to browse a UNC share through an ASP.NET application and i've
got a problem :
i've tried some examples from MSDN or other web sites (using LogonUser
from Win32 API) and it works perfectly from my computer (windows XP) but
it doesn't work from a windows2003 server : i've got the famous error
1326 :
Logon failure: unknown user name or bad password. ERROR_LOGON_FAILUREis
there a special configuration for Win2003 ? i've tried to set ASPNET
user account "as part of the operating sysem" in local security policy
but it makes nothing...

thanks in advance.



May 15 '06 #4
fab
the domain account has rights on the share because when i try to browse the
share from windows explorer, it works.
I've put <identity impersonate="true" /> " in the web.config (if i set this
parameter to false, it works on my winxp config)

The file server is not the same as the web server.
How can i give the network service account of the web server (witch is a
local account on the web server i think) access to the file server ? I
thought i've to give access to the file sever's share only the account that
i impersonate ?

"Winista" <na*********@hotmail.com> a écrit dans le message de news:
ur**************@TK2MSFTNGP05.phx.gbl...
For UNC path...

1. Make sure that you are impersonating as domain account who has rights
on the shares.
2. Make sure that web.config is modified to use impersonation.

Is file server same as web server?
Does your file server allow ASPNET/Network Service account to access the
share?

"fab" <aa*@aaaa.com> wrote in message
news:e4**********@s1.news.oleane.net...
i've also tried "Network Service" for the same result

"Winista" <na*********@hotmail.com> a écrit dans le message de news:
e7**************@TK2MSFTNGP05.phx.gbl...
On Windows user account is "Network Service" and not ASPNET.
"fab" <aa*@aaaa.com> wrote in message
news:e4**********@s1.news.oleane.net...
Hello,

i'm trying to browse a UNC share through an ASP.NET application and
i've got a problem :
i've tried some examples from MSDN or other web sites (using LogonUser
from Win32 API) and it works perfectly from my computer (windows XP)
but it doesn't work from a windows2003 server : i've got the famous
error 1326 :
Logon failure: unknown user name or bad password. ERROR_LOGON_FAILUREis
there a special configuration for Win2003 ? i've tried to set ASPNET
user account "as part of the operating sysem" in local security policy
but it makes nothing...

thanks in advance.




May 16 '06 #5
For what it's worth, I just solved this problem within my own ASP.NET
application. Here's the code snippet I used to do it. The fix for me
was changing the LogonType to LOGON32_LOGON_INTERACTIVE (2) instead of
LOGON32_LOGON_NETWORK (3). Here's the code snippet that gets access to
my users...

bool bValidUser =
LogonUser("UNAME","DOMAIN","PASSWORD",(int)LOGON32 _LOGON_INTERACTIVE,(int)LOGON32_PROVIDER_DEFAULT,r ef
token);
System.Security.Principal.WindowsIdentity myWI2 = new
System.Security.Principal.WindowsIdentity(token);
System.Security.Principal.WindowsImpersonationCont ext myWIC2 =
myWI2.Impersonate();

string sDir = "\\\\UNCPATH";
string[] arFiles = System.IO.Directory.GetFiles(sDir);

Before switching the LogonType, my try block would catch the the
'access to UNCPATH is denied' error. I don't use web.config
impersonation, but I do use integrated windows authentication (just so
I'm sure only people on the domain are accessing the intranet app I'm
building). With this method, I don't think either web.config
impersonation or integrated win auth have any bearing on the results.

From
http://msdn.microsoft.com/library/de.../logonuser.asp
LOGON32_LOGON_INTERACTIVE This logon type is intended for users who
will be interactively using the computer, such as a user being logged
on by a terminal server, remote shell, or similar process. This logon
type has the additional expense of caching logon information for
disconnected operations; therefore, it is inappropriate for some
client/server applications, such as a mail server.
LOGON32_LOGON_NETWORK This logon type is intended for high performance
servers to authenticate plaintext passwords. The LogonUser function
does not cache credentials for this logon type.

I figured that maybe LOGON_NETWORK wasn't keeping the appropriate user
cached for my attempt to access the UNCPATH. I hope this helps you
out, yesterday was a pretty infuriating day trying to puzzle this out.

May 19 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Randy | last post: by
3 posts views Thread by George Ter-Saakov | last post: by
4 posts views Thread by Adrian Parker | last post: by
1 post views Thread by =?Utf-8?B?c3VidGlsZQ==?= | last post: by
reply views Thread by devrayhaan | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.