471,348 Members | 1,894 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,348 software developers and data experts.

folder permissions

Using Asp.Net/VB.Net on a Win2003 server

I need to determine if a Windows user has access to a folder on a local
drive.
One option is to impersonate, but I've read that impersonating is not
scalable via web application.

The scenario is this...

I'm trying to replicate FTP functionality using HTTPS.
A user would normally login via FTP with their credentials, and FTP would
apply windows security when accessing file system

I'm trying to mimic that authentication process FTP utilizes.
So I'm doing a normal HTTPS file upload while passing Windows credentials in
the HTTPS headers .
The calling application determines the folder where the file should be
placed. Now the server app needs to determine if the user (based on name
and password) has access to the requested folder.

Am I approaching this all wrong ? If so, what is a better way, or what API
calls should I be using to authenticate user against requested folder.

Thanks a bunch !
Bill
Jul 28 '05 #1
2 2640
Bill,
I'm trying to replicate FTP functionality using HTTPS.
A user would normally login via FTP with their credentials, and FTP would
apply windows security when accessing file system.


Hmm, I'm not sure if it possible to achieve what you are trying to do.

You say that you have the user name and password of the client. Without
logging in (impersonating as) that given user, you cannot check if the
password given is actually valid. At least I'm not aware of a way to do
this.

However, there are API functions that you can use to check if you could
access a file given a SID of a user. Could you have such a SID somehow? If
yes, see for example the functions GetFileSecurity and AccessCheck.

If you are instead able to login as the client (impersonate), then Windows
itself will tell you if the user can access the file -- or you will get an
error. This is automatic and requires no additional code from your part.
This is the method I would recommend, despite the scalability issues. But in
my opinion you cannot avoid them.

Hope this helps to give some directions.

--
Regards,

Mr. Jani Järvinen
C# MVP
Helsinki, Finland
ja***@removethis.dystopia.fi
http://www.saunalahti.fi/janij/
Jul 30 '05 #2
Thanks Jani,

I may at least try impersonating to see what peformance looks like.
I assume the FTP protocol did the same thing anyway.

Bill
"Jani Järvinen [MVP]" <ja***@removethis.dystopia.fi> wrote in message
news:eI**************@tk2msftngp13.phx.gbl...
Bill,
I'm trying to replicate FTP functionality using HTTPS.
A user would normally login via FTP with their credentials, and FTP would
apply windows security when accessing file system.


Hmm, I'm not sure if it possible to achieve what you are trying to do.

You say that you have the user name and password of the client. Without
logging in (impersonating as) that given user, you cannot check if the
password given is actually valid. At least I'm not aware of a way to do
this.

However, there are API functions that you can use to check if you could
access a file given a SID of a user. Could you have such a SID somehow? If
yes, see for example the functions GetFileSecurity and AccessCheck.

If you are instead able to login as the client (impersonate), then Windows
itself will tell you if the user can access the file -- or you will get an
error. This is automatic and requires no additional code from your part.
This is the method I would recommend, despite the scalability issues. But
in my opinion you cannot avoid them.

Hope this helps to give some directions.

--
Regards,

Mr. Jani Järvinen
C# MVP
Helsinki, Finland
ja***@removethis.dystopia.fi
http://www.saunalahti.fi/janij/

Aug 4 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Andrew Crowe | last post: by
7 posts views Thread by Kim Lots | last post: by
reply views Thread by Praveen | last post: by
6 posts views Thread by Jeff | last post: by
2 posts views Thread by skinnybloke | last post: by
6 posts views Thread by Andy Fish | last post: by
1 post views Thread by Ronak mishra | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.