Please HELP !!
I have a web page that is trying to create folders on a file server
eg. \\SERVERNAME\F4 \Projects\[New Folder Name]
Users of the web site are authenticated with Windows Integrated Security.
(have tried on W2003/IIS6 and W2k/IIS5 with no difference in behavoir)
When a user connects to the using a browser on the same machine as the
webserver the code works and is able to create the new folder.
When the same user connects from a remote machine the CreateDirectory
function generates the following Exception
System.Unauthor izedAccessExcep tion
"Access to the path \"TEST\" is denied."
Source "mscorlib"
StackTrace
System.IO.__Err or.WinIOError(I nt32 errorCode, String str)
at System.IO.Direc tory.InternalCr eateDirectory(S tring fullPath, String
path)\r\n
....
I have tried to do this in 3 ways all with the same problem;
A)
DirectoryInfo di = Directory.Creat eDirectory(newf ullpath);
B)
DirectoryInfo root = new DirectoryInfo(r ootPath);
DirectoryInfo di = root.CreateSubd irectory(folder Name);
C)
[DllImport("kern el32.dll")]
static extern bool CreateDirectory (string lpPathName, IntPtr
lpSecurityAttri butes);
....
bool result = CreateDirectory (path, IntPtr.Zero);
DirectoryInfo di = DirectoryInfo(p ath);
I have also checked that the Integrated Authentication is getting passed
correcty into the application
string origID = Thread.CurrentP rincipal.Identi ty.Name;
string contextUser = HttpContext.Cur rent.User.Ident ity.Name;
Both call return the same user regardless if the call is from the server or
a remote machine.
Needless to say that the User has the required permissions to create the
folder because they are able to do so as long as they do it from a browser on
the server itself.
If anyone can shed any light on what is going on here I would greatly
appreciate it.
Regards,
David Davies
Goldman Sachs 3 3102
Hi David:
You are facing the dreaded double hop NTLM issue. With integrated
authentication the client's credentials can make exactly one network
hop. When the browser authenticates to the web server from a remote
machine the credentials make one hop and can't be used to make a
second hop to the server with the file share (if the browser is on the
same machine as the web server the call works because there is still
only one hop involved).
A few of the solutions are:
1) Enable delegation http://support.microsoft.com/default.aspx?kbid=810572
2) Impersonate with a specific username and password, i.e.
<identity impersonate="tr ue" userName="<name >" password="<pass word>"/>
You can also do this programatically .
3) Run the ASP.NET worker process under a domain account with
permissions on both machines.
There are some good tips for 2 & 3 here: http://msdn.microsoft.com/library/de...SecNetch08.asp
HTH,
--
Scott http://www.OdeToCode.com/blogs/scott/
On Sun, 24 Oct 2004 20:51:02 -0700, David Davies
<Da*********@di scussions.micro soft.com> wrote: Please HELP !!
I have a web page that is trying to create folders on a file server
eg. \\SERVERNAME\F4 \Projects\[New Folder Name]
Users of the web site are authenticated with Windows Integrated Security.
(have tried on W2003/IIS6 and W2k/IIS5 with no difference in behavoir)
When a user connects to the using a browser on the same machine as the webserver the code works and is able to create the new folder.
When the same user connects from a remote machine the CreateDirectory function generates the following Exception System.Unautho rizedAccessExce ption "Access to the path \"TEST\" is denied." Source "mscorlib" StackTrace System.IO.__Er ror.WinIOError( Int32 errorCode, String str) at System.IO.Direc tory.InternalCr eateDirectory(S tring fullPath, String path)\r\n ...
I have tried to do this in 3 ways all with the same problem; A) DirectoryInf o di = Directory.Creat eDirectory(newf ullpath);
B) DirectoryInf o root = new DirectoryInfo(r ootPath); DirectoryInf o di = root.CreateSubd irectory(folder Name);
C) [DllImport("kern el32.dll")] static extern bool CreateDirectory (string lpPathName, IntPtr lpSecurityAttr ibutes); ... bool result = CreateDirectory (path, IntPtr.Zero); DirectoryInf o di = DirectoryInfo(p ath);
I have also checked that the Integrated Authentication is getting passed correcty into the application
string origID = Thread.CurrentP rincipal.Identi ty.Name; string contextUser = HttpContext.Cur rent.User.Ident ity.Name;
Both call return the same user regardless if the call is from the server or a remote machine. Needless to say that the User has the required permissions to create the folder because they are able to do so as long as they do it from a browser on the server itself.
If anyone can shed any light on what is going on here I would greatly appreciate it.
Regards, David Davies Goldman Sachs
Many thanks Scott.
2 and 3 are no feasable becasue the ability to create a directory must
depend on the rights of the user.
That leaves Delegation as the only option, I have followed the instructions
in the kb you posted and waited a few hours to allow for propogation but it
is still producing the same result.
Is there any way to test Delegation is functioning ?
Regards,
David
"Scott Allen" wrote: Hi David:
You are facing the dreaded double hop NTLM issue. With integrated authentication the client's credentials can make exactly one network hop. When the browser authenticates to the web server from a remote machine the credentials make one hop and can't be used to make a second hop to the server with the file share (if the browser is on the same machine as the web server the call works because there is still only one hop involved).
A few of the solutions are:
1) Enable delegation http://support.microsoft.com/default.aspx?kbid=810572
2) Impersonate with a specific username and password, i.e. <identity impersonate="tr ue" userName="<name >" password="<pass word>"/> You can also do this programatically .
3) Run the ASP.NET worker process under a domain account with permissions on both machines.
There are some good tips for 2 & 3 here: http://msdn.microsoft.com/library/de...SecNetch08.asp
HTH,
-- Scott http://www.OdeToCode.com/blogs/scott/
On Sun, 24 Oct 2004 20:51:02 -0700, David Davies <Da*********@di scussions.micro soft.com> wrote:
Please HELP !!
I have a web page that is trying to create folders on a file server
eg. \\SERVERNAME\F4 \Projects\[New Folder Name]
Users of the web site are authenticated with Windows Integrated Security.
(have tried on W2003/IIS6 and W2k/IIS5 with no difference in behavoir)
When a user connects to the using a browser on the same machine as the webserver the code works and is able to create the new folder.
When the same user connects from a remote machine the CreateDirectory function generates the following Exception System.Unautho rizedAccessExce ption "Access to the path \"TEST\" is denied." Source "mscorlib" StackTrace System.IO.__Er ror.WinIOError( Int32 errorCode, String str) at System.IO.Direc tory.InternalCr eateDirectory(S tring fullPath, String path)\r\n ...
I have tried to do this in 3 ways all with the same problem; A) DirectoryInf o di = Directory.Creat eDirectory(newf ullpath);
B) DirectoryInf o root = new DirectoryInfo(r ootPath); DirectoryInf o di = root.CreateSubd irectory(folder Name);
C) [DllImport("kern el32.dll")] static extern bool CreateDirectory (string lpPathName, IntPtr lpSecurityAttr ibutes); ... bool result = CreateDirectory (path, IntPtr.Zero); DirectoryInf o di = DirectoryInfo(p ath);
I have also checked that the Integrated Authentication is getting passed correcty into the application
string origID = Thread.CurrentP rincipal.Identi ty.Name; string contextUser = HttpContext.Cur rent.User.Ident ity.Name;
Both call return the same user regardless if the call is from the server or a remote machine. Needless to say that the User has the required permissions to create the folder because they are able to do so as long as they do it from a browser on the server itself.
If anyone can shed any light on what is going on here I would greatly appreciate it.
Regards, David Davies Goldman Sachs
Hi David:
I know of a troubleshooting paper:
Troubleshooting Kerberos Delegation http://www.microsoft.com/downloads/d...displaylang=en
It's quite extensive (lengthy) and includes links to some command line
utilities and demonstrates how to turn on some auditing. Hopefully
this can help out.
--
Scott http://www.OdeToCode.com/blogs/scott/
On Mon, 25 Oct 2004 20:27:02 -0700, David Davies
<Da*********@di scussions.micro soft.com> wrote: Many thanks Scott.
2 and 3 are no feasable becasue the ability to create a directory must depend on the rights of the user.
That leaves Delegation as the only option, I have followed the instructions in the kb you posted and waited a few hours to allow for propogation but it is still producing the same result.
Is there any way to test Delegation is functioning ?
Regards, David
"Scott Allen" wrote: This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Frederico Caldeira Knabben |
last post by:
Hello,
I'm having a problem when trying to use the Directory.CreateDirectory()
method. It throws a DirectoryNotFoundException exception. I'll try to
illustrate it:
Suppose you have the following (existing) directory:
d:\Sites\MySite\
And you whant to create the following:
|
by: Quintus Snapper |
last post by:
Hi All,
I'm having a problem with an anchor link in IE which is working
inconsistantly and I can't figure out why.
On the following website:
http://www.friendlyrentals.com/
If you click on an apartment to go to a detail page, if you scroll
|
by: Daniel |
last post by:
If I call CreateDirectory(\\\\devDriveA\\foo\\bar\\a\\b\\c) and
\\devDriveA\foo\bar already exists then sub directories a\b\c don't get
created. When I use CreateDirectory on my own file system, e.g.
CreateDirectory("c:\\a\\b\\c"); it works fine. Is there something that I
must do to get CreateDirectory to work on network drives?
|
by: H.B. |
last post by:
Hi,
Is there a way to avoid conflicts between CreateDirectory() (from API) and
Directory::CreateDirectory(). The other functions from Directory class
works(Exists() as example). It seems to be caused by the inclusion of
"windows.h" ... but I need it.
I already tried the System::IO::Directory::CreateDirectory() typo.
Any ideas ?
|
by: David Davies |
last post by:
Please HELP !!
I have a web page that is trying to create folders on a file server
eg. \\SERVERNAME\F4\Projects\
Users of the web site are authenticated with Windows Integrated Security.
(have tried on W2003/IIS6 and W2k/IIS5 with no difference in behavoir)
| |
by: Tim Mulholland |
last post by:
What are my options for getting around the issues with
Directory.CreateDirectory() when i'm working on a hosted server where the
hosting company will not allow the ASPNET user to have read/list access to
the root of the drive (as is necessary for Directory.CreateDirectory() to
work, sadly)?
I have heard of a way to use unmanaged code to call _mkdir or something like
that instead, but that's very far from a clean solution.
What options...
|
by: Clinton Frankland |
last post by:
Hi,
On a Windows 2000 Server when attempting to use
System.IO.Directory.CreateDirectory(string.concat(Server.MapPath(""),
"\verify"))
I receive a System.IO.DirectoryNotFoundException error: Could not find a
part of the path "D:\".
The full path is "D:\hshome\clinton\test.gotchasoft.com\verify"
The web is running using impersonation as a user on the local machine.
|
by: Dan Lorenz |
last post by:
When trying to use the function CreateDirectory on my local machine
everything works fine but when I upload the page to my webhost I get an issue
that it can't find path on D:\, though D:\ is what my website is found on.
This is an H-SPHERE web cluster host.
From my research I found that this issue is due to ASPNET account not having
read previdgeles on the root of the drive.
My question is what is the correct approach to solve this...
|
by: Tom |
last post by:
This is really weird, but I have the following code:
private static readonly string mString = "tempUnzipDir" +
Path.DirectorySeparatorChar;
....
public static string ExtractToTempLocation(string aZip)
{
try
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |