By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,275 Members | 1,995 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,275 IT Pros & Developers. It's quick & easy.

I am stucked: Working on a network mapped drive via Web Service

P: n/a
Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web service to
manipulate some complex XML files, which reside in a seperate files server.
we have mapped the fodler to a different folder and need to allow the EXE to
process on the mapped drive. When I trigger the EXE via web service the EXE
get the permission of the launching user (mean ASP.NET user) resulting a
permission issue. Mapped drive cannot access by the IIS (web application)
user.

I am keeping this open .. please advice me the best approach I can take here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.

Nov 17 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
Hi,

Either run the corresponding ASP .NET application in a dedicated application
pool running under a user account with sufficient permissions to access the
mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access the
mapped network drive. In this case, you'll need to grant elevated priveleges
to the ASPNET account ("Act as part of the operating system" if I'm not
mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]
"Nirosh" <te**@test.lk> wrote in message
news:uK**************@TK2MSFTNGP12.phx.gbl...
Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web service
to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow the EXE
to
process on the mapped drive. When I trigger the EXE via web service the
EXE
get the permission of the launching user (mean ASP.NET user) resulting a
permission issue. Mapped drive cannot access by the IIS (web application)
user.

I am keeping this open .. please advice me the best approach I can take
here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.


Nov 17 '05 #2

P: n/a
Great suggestion Lapshyn,

Yes the first option is already evaluated and has decide as our long term
goal, and with your reply it cofirm that we are in the correct path.

But as the short term solution I like to go with the second option,
can you please give little more help on this
Log in as such a user and impersonate for the time necessary to access the
mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />
mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system" if
I'm not mistaken).
What is this mean, I tried to google but I didn't get any clue? could you
provide me little more data..mean time I will try to find a path on this
line..

Thanks,
Nirosh.

"Dmytro Lapshyn [MVP]" <x-****@no-spam-please.hotpop.com> wrote in message
news:ug*************@tk2msftngp13.phx.gbl... Hi,

Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient permissions
to access the mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access the
mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system" if
I'm not mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]
"Nirosh" <te**@test.lk> wrote in message
news:uK**************@TK2MSFTNGP12.phx.gbl...
Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web service
to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow the EXE
to
process on the mapped drive. When I trigger the EXE via web service the
EXE
get the permission of the launching user (mean ASP.NET user) resulting a
permission issue. Mapped drive cannot access by the IIS (web application)
user.

I am keeping this open .. please advice me the best approach I can take
here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.

Nov 17 '05 #3

P: n/a
Network sessions are (logon) session bound, that means that when you map a
drive in your interactive logon session, that network session cannot be
seen/used by another logon session.
Now IIS creates a logon session for asp.net using the process credentials
specified in your web.config file (the default being aspnet), and all
programs spawned from within asp.net will use the same credentials when
accessing network resources. Now aspnet has no network credentials, so you
will have to create a use record from within your webservice specifying the
local drive the Fileshare and user credentials with appropriate privileges
to that remote share.

The easiest way to do this is by issuing a "net use" command using the
Process.Start() method.
The following is a small sample that shows you how to map \\\\bob\\share to
a local drive z: using bobby's credentials (bob\bobby is the userid and
BobsPass it's password, note that bob can be a domain name or a machine
name, so here "bob" is the remote machine name and Bobby is a local user on
Bob).
ProcessStartInfo psi = new ProcessStartInfo();
psi.CreateNoWindow = true;
psi.WindowStyle = ProcessWindowStyle.Hidden;
psi.FileName = "cmd";
psi.Arguments = "/c net use z: \\\\bob\\share BobsPass /user:bob\\bobby";
Process proc = Process.Start(psi);
proc.WaitForExit();
if(proc.ExitCode != 0)
...

Note that you should also delete the mapping when done with it (using "net
use z: /delete"), I would also suggest you to map the drive for at least the
duration of the session and not for every webrequest
Note also that all this wouldn't have been necessary if the EXE had used UNC
paths instead of mapped drives, but I guess the EXE is written to only
access local drives.
Note that the options suggested by Dmytro don't work, the first make no
sense you'll need to map the drive anyway. the second method as suggested by
Dmytro, doesn't work either, the spawned exe will use the parent's process's
credentials NOT those of the impersonating thread.

Willy.
"Nirosh" <te**@test.lk> wrote in message
news:ON*****************@TK2MSFTNGP10.phx.gbl...
Great suggestion Lapshyn,

Yes the first option is already evaluated and has decide as our long term
goal, and with your reply it cofirm that we are in the correct path.

But as the short term solution I like to go with the second option,
can you please give little more help on this
Log in as such a user and impersonate for the time necessary to access
the


mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />
mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).


What is this mean, I tried to google but I didn't get any clue? could you
provide me little more data..mean time I will try to find a path on this
line..

Thanks,
Nirosh.

"Dmytro Lapshyn [MVP]" <x-****@no-spam-please.hotpop.com> wrote in message
news:ug*************@tk2msftngp13.phx.gbl...
Hi,

Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient permissions
to access the mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access
the mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]
"Nirosh" <te**@test.lk> wrote in message
news:uK**************@TK2MSFTNGP12.phx.gbl...
Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web service
to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow the
EXE to
process on the mapped drive. When I trigger the EXE via web service the
EXE
get the permission of the launching user (mean ASP.NET user) resulting a
permission issue. Mapped drive cannot access by the IIS (web
application)
user.

I am keeping this open .. please advice me the best approach I can take
here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.


Nov 17 '05 #4

P: n/a
there u go ... I see the light now.. I can take it on now.. thank you very
much for this..

I guess Argument has a typing mistake, for others the correction is bellow

psi.Arguments = "net use z: \\\\bob\\share BobsPass /user:bob\\bobby";

Nirosh.

"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message
news:ex*************@tk2msftngp13.phx.gbl...
Network sessions are (logon) session bound, that means that when you map a
drive in your interactive logon session, that network session cannot be
seen/used by another logon session.
Now IIS creates a logon session for asp.net using the process credentials
specified in your web.config file (the default being aspnet), and all
programs spawned from within asp.net will use the same credentials when
accessing network resources. Now aspnet has no network credentials, so you
will have to create a use record from within your webservice specifying
the local drive the Fileshare and user credentials with appropriate
privileges to that remote share.

The easiest way to do this is by issuing a "net use" command using the
Process.Start() method.
The following is a small sample that shows you how to map \\\\bob\\share
to a local drive z: using bobby's credentials (bob\bobby is the userid and
BobsPass it's password, note that bob can be a domain name or a machine
name, so here "bob" is the remote machine name and Bobby is a local user
on Bob).
ProcessStartInfo psi = new ProcessStartInfo();
psi.CreateNoWindow = true;
psi.WindowStyle = ProcessWindowStyle.Hidden;
psi.FileName = "cmd";
psi.Arguments = "/c net use z: \\\\bob\\share BobsPass
/user:bob\\bobby";
Process proc = Process.Start(psi);
proc.WaitForExit();
if(proc.ExitCode != 0)
...

Note that you should also delete the mapping when done with it (using "net
use z: /delete"), I would also suggest you to map the drive for at least
the duration of the session and not for every webrequest
Note also that all this wouldn't have been necessary if the EXE had used
UNC paths instead of mapped drives, but I guess the EXE is written to only
access local drives.
Note that the options suggested by Dmytro don't work, the first make no
sense you'll need to map the drive anyway. the second method as suggested
by Dmytro, doesn't work either, the spawned exe will use the parent's
process's credentials NOT those of the impersonating thread.

Willy.
"Nirosh" <te**@test.lk> wrote in message
news:ON*****************@TK2MSFTNGP10.phx.gbl...
Great suggestion Lapshyn,

Yes the first option is already evaluated and has decide as our long term
goal, and with your reply it cofirm that we are in the correct path.

But as the short term solution I like to go with the second option,
can you please give little more help on this
Log in as such a user and impersonate for the time necessary to access
the


mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />
mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).


What is this mean, I tried to google but I didn't get any clue? could you
provide me little more data..mean time I will try to find a path on this
line..

Thanks,
Nirosh.

"Dmytro Lapshyn [MVP]" <x-****@no-spam-please.hotpop.com> wrote in
message news:ug*************@tk2msftngp13.phx.gbl...
Hi,

Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient
permissions to access the mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access
the mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]
"Nirosh" <te**@test.lk> wrote in message
news:uK**************@TK2MSFTNGP12.phx.gbl...
Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web
service to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow the
EXE to
process on the mapped drive. When I trigger the EXE via web service the
EXE
get the permission of the launching user (mean ASP.NET user) resulting
a
permission issue. Mapped drive cannot access by the IIS (web
application)
user.

I am keeping this open .. please advice me the best approach I can take
here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.



Nov 17 '05 #5

P: n/a
If you mean by this that the /C is not required, I'm affraid you are wrong,
the /C option tells the cmd shell to exit when done executing the command,
without this option cmd.exe stays active.

Willy.
"Nirosh" <te**@test.lk> wrote in message
news:eX**************@TK2MSFTNGP12.phx.gbl...
there u go ... I see the light now.. I can take it on now.. thank you very
much for this..

I guess Argument has a typing mistake, for others the correction is bellow

psi.Arguments = "net use z: \\\\bob\\share BobsPass /user:bob\\bobby";

Nirosh.

"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message
news:ex*************@tk2msftngp13.phx.gbl...
Network sessions are (logon) session bound, that means that when you map
a drive in your interactive logon session, that network session cannot be
seen/used by another logon session.
Now IIS creates a logon session for asp.net using the process credentials
specified in your web.config file (the default being aspnet), and all
programs spawned from within asp.net will use the same credentials when
accessing network resources. Now aspnet has no network credentials, so
you will have to create a use record from within your webservice
specifying the local drive the Fileshare and user credentials with
appropriate privileges to that remote share.

The easiest way to do this is by issuing a "net use" command using the
Process.Start() method.
The following is a small sample that shows you how to map \\\\bob\\share
to a local drive z: using bobby's credentials (bob\bobby is the userid
and BobsPass it's password, note that bob can be a domain name or a
machine name, so here "bob" is the remote machine name and Bobby is a
local user on Bob).
ProcessStartInfo psi = new ProcessStartInfo();
psi.CreateNoWindow = true;
psi.WindowStyle = ProcessWindowStyle.Hidden;
psi.FileName = "cmd";
psi.Arguments = "/c net use z: \\\\bob\\share BobsPass
/user:bob\\bobby";
Process proc = Process.Start(psi);
proc.WaitForExit();
if(proc.ExitCode != 0)
...

Note that you should also delete the mapping when done with it (using
"net use z: /delete"), I would also suggest you to map the drive for at
least the duration of the session and not for every webrequest
Note also that all this wouldn't have been necessary if the EXE had used
UNC paths instead of mapped drives, but I guess the EXE is written to
only access local drives.
Note that the options suggested by Dmytro don't work, the first make no
sense you'll need to map the drive anyway. the second method as suggested
by Dmytro, doesn't work either, the spawned exe will use the parent's
process's credentials NOT those of the impersonating thread.

Willy.
"Nirosh" <te**@test.lk> wrote in message
news:ON*****************@TK2MSFTNGP10.phx.gbl...
Great suggestion Lapshyn,

Yes the first option is already evaluated and has decide as our long
term goal, and with your reply it cofirm that we are in the correct
path.

But as the short term solution I like to go with the second option,
can you please give little more help on this

Log in as such a user and impersonate for the time necessary to access
the

mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />

mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).

What is this mean, I tried to google but I didn't get any clue? could
you provide me little more data..mean time I will try to find a path on
this line..

Thanks,
Nirosh.

"Dmytro Lapshyn [MVP]" <x-****@no-spam-please.hotpop.com> wrote in
message news:ug*************@tk2msftngp13.phx.gbl...
Hi,

Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient
permissions to access the mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access
the mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]
"Nirosh" <te**@test.lk> wrote in message
news:uK**************@TK2MSFTNGP12.phx.gbl...
> Hi All,
>
> Can any one suggest me a best way to do this ..
>
> I have a thrid party tool "EXE" that we need to use with our web
> service to
> manipulate some complex XML files, which reside in a seperate files
> server.
> we have mapped the fodler to a different folder and need to allow the
> EXE to
> process on the mapped drive. When I trigger the EXE via web service
> the EXE
> get the permission of the launching user (mean ASP.NET user) resulting
> a
> permission issue. Mapped drive cannot access by the IIS (web
> application)
> user.
>
> I am keeping this open .. please advice me the best approach I can
> take here
> to do this assuming that I cannot change the EXE or the mapped drive
> requirements.
>
> Thanks,
> Regards,
> Nirosh.
>
>
>



Nov 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.