473,320 Members | 1,876 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

CreateDirectory working inconsistantly from ASP.net

Please HELP !!

I have a web page that is trying to create folders on a file server

eg. \\SERVERNAME\F4\Projects\[New Folder Name]

Users of the web site are authenticated with Windows Integrated Security.

(have tried on W2003/IIS6 and W2k/IIS5 with no difference in behavoir)

When a user connects to the using a browser on the same machine as the
webserver the code works and is able to create the new folder.

When the same user connects from a remote machine the CreateDirectory
function generates the following Exception
System.UnauthorizedAccessException
"Access to the path \"TEST\" is denied."
Source "mscorlib"
StackTrace
System.IO.__Error.WinIOError(Int32 errorCode, String str)
at System.IO.Directory.InternalCreateDirectory(String fullPath, String
path)\r\n
....

I have tried to do this in 3 ways all with the same problem;
A)
DirectoryInfo di = Directory.CreateDirectory(newfullpath);

B)
DirectoryInfo root = new DirectoryInfo(rootPath);
DirectoryInfo di = root.CreateSubdirectory(folderName);

C)
[DllImport("kernel32.dll")]
static extern bool CreateDirectory(string lpPathName, IntPtr
lpSecurityAttributes);
....
bool result = CreateDirectory(path, IntPtr.Zero);
DirectoryInfo di = DirectoryInfo(path);

I have also checked that the Integrated Authentication is getting passed
correcty into the application

string origID = Thread.CurrentPrincipal.Identity.Name;
string contextUser = HttpContext.Current.User.Identity.Name;

Both call return the same user regardless if the call is from the server or
a remote machine.
Needless to say that the User has the required permissions to create the
folder because they are able to do so as long as they do it from a browser on
the server itself.

If anyone can shed any light on what is going on here I would greatly
appreciate it.

Regards,
David Davies
Goldman Sachs
Jul 21 '05 #1
3 3072
Hi David:

You are facing the dreaded double hop NTLM issue. With integrated
authentication the client's credentials can make exactly one network
hop. When the browser authenticates to the web server from a remote
machine the credentials make one hop and can't be used to make a
second hop to the server with the file share (if the browser is on the
same machine as the web server the call works because there is still
only one hop involved).

A few of the solutions are:

1) Enable delegation
http://support.microsoft.com/default.aspx?kbid=810572

2) Impersonate with a specific username and password, i.e.
<identity impersonate="true" userName="<name>" password="<password>"/>
You can also do this programatically.

3) Run the ASP.NET worker process under a domain account with
permissions on both machines.

There are some good tips for 2 & 3 here:
http://msdn.microsoft.com/library/de...SecNetch08.asp

HTH,

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Sun, 24 Oct 2004 20:51:02 -0700, David Davies
<Da*********@discussions.microsoft.com> wrote:
Please HELP !!

I have a web page that is trying to create folders on a file server

eg. \\SERVERNAME\F4\Projects\[New Folder Name]

Users of the web site are authenticated with Windows Integrated Security.

(have tried on W2003/IIS6 and W2k/IIS5 with no difference in behavoir)

When a user connects to the using a browser on the same machine as the
webserver the code works and is able to create the new folder.

When the same user connects from a remote machine the CreateDirectory
function generates the following Exception
System.UnauthorizedAccessException
"Access to the path \"TEST\" is denied."
Source "mscorlib"
StackTrace
System.IO.__Error.WinIOError(Int32 errorCode, String str)
at System.IO.Directory.InternalCreateDirectory(String fullPath, String
path)\r\n
...

I have tried to do this in 3 ways all with the same problem;
A)
DirectoryInfo di = Directory.CreateDirectory(newfullpath);

B)
DirectoryInfo root = new DirectoryInfo(rootPath);
DirectoryInfo di = root.CreateSubdirectory(folderName);

C)
[DllImport("kernel32.dll")]
static extern bool CreateDirectory(string lpPathName, IntPtr
lpSecurityAttributes);
...
bool result = CreateDirectory(path, IntPtr.Zero);
DirectoryInfo di = DirectoryInfo(path);

I have also checked that the Integrated Authentication is getting passed
correcty into the application

string origID = Thread.CurrentPrincipal.Identity.Name;
string contextUser = HttpContext.Current.User.Identity.Name;

Both call return the same user regardless if the call is from the server or
a remote machine.
Needless to say that the User has the required permissions to create the
folder because they are able to do so as long as they do it from a browser on
the server itself.

If anyone can shed any light on what is going on here I would greatly
appreciate it.

Regards,
David Davies
Goldman Sachs


Jul 21 '05 #2
Many thanks Scott.

2 and 3 are no feasable becasue the ability to create a directory must
depend on the rights of the user.

That leaves Delegation as the only option, I have followed the instructions
in the kb you posted and waited a few hours to allow for propogation but it
is still producing the same result.

Is there any way to test Delegation is functioning ?

Regards,
David

"Scott Allen" wrote:
Hi David:

You are facing the dreaded double hop NTLM issue. With integrated
authentication the client's credentials can make exactly one network
hop. When the browser authenticates to the web server from a remote
machine the credentials make one hop and can't be used to make a
second hop to the server with the file share (if the browser is on the
same machine as the web server the call works because there is still
only one hop involved).

A few of the solutions are:

1) Enable delegation
http://support.microsoft.com/default.aspx?kbid=810572

2) Impersonate with a specific username and password, i.e.
<identity impersonate="true" userName="<name>" password="<password>"/>
You can also do this programatically.

3) Run the ASP.NET worker process under a domain account with
permissions on both machines.

There are some good tips for 2 & 3 here:
http://msdn.microsoft.com/library/de...SecNetch08.asp

HTH,

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Sun, 24 Oct 2004 20:51:02 -0700, David Davies
<Da*********@discussions.microsoft.com> wrote:
Please HELP !!

I have a web page that is trying to create folders on a file server

eg. \\SERVERNAME\F4\Projects\[New Folder Name]

Users of the web site are authenticated with Windows Integrated Security.

(have tried on W2003/IIS6 and W2k/IIS5 with no difference in behavoir)

When a user connects to the using a browser on the same machine as the
webserver the code works and is able to create the new folder.

When the same user connects from a remote machine the CreateDirectory
function generates the following Exception
System.UnauthorizedAccessException
"Access to the path \"TEST\" is denied."
Source "mscorlib"
StackTrace
System.IO.__Error.WinIOError(Int32 errorCode, String str)
at System.IO.Directory.InternalCreateDirectory(String fullPath, String
path)\r\n
...

I have tried to do this in 3 ways all with the same problem;
A)
DirectoryInfo di = Directory.CreateDirectory(newfullpath);

B)
DirectoryInfo root = new DirectoryInfo(rootPath);
DirectoryInfo di = root.CreateSubdirectory(folderName);

C)
[DllImport("kernel32.dll")]
static extern bool CreateDirectory(string lpPathName, IntPtr
lpSecurityAttributes);
...
bool result = CreateDirectory(path, IntPtr.Zero);
DirectoryInfo di = DirectoryInfo(path);

I have also checked that the Integrated Authentication is getting passed
correcty into the application

string origID = Thread.CurrentPrincipal.Identity.Name;
string contextUser = HttpContext.Current.User.Identity.Name;

Both call return the same user regardless if the call is from the server or
a remote machine.
Needless to say that the User has the required permissions to create the
folder because they are able to do so as long as they do it from a browser on
the server itself.

If anyone can shed any light on what is going on here I would greatly
appreciate it.

Regards,
David Davies
Goldman Sachs


Jul 21 '05 #3
Hi David:

I know of a troubleshooting paper:

Troubleshooting Kerberos Delegation
http://www.microsoft.com/downloads/d...displaylang=en

It's quite extensive (lengthy) and includes links to some command line
utilities and demonstrates how to turn on some auditing. Hopefully
this can help out.

--
Scott
http://www.OdeToCode.com/blogs/scott/
On Mon, 25 Oct 2004 20:27:02 -0700, David Davies
<Da*********@discussions.microsoft.com> wrote:
Many thanks Scott.

2 and 3 are no feasable becasue the ability to create a directory must
depend on the rights of the user.

That leaves Delegation as the only option, I have followed the instructions
in the kb you posted and waited a few hours to allow for propogation but it
is still producing the same result.

Is there any way to test Delegation is functioning ?

Regards,
David

"Scott Allen" wrote:


Jul 21 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Frederico Caldeira Knabben | last post by:
Hello, I'm having a problem when trying to use the Directory.CreateDirectory() method. It throws a DirectoryNotFoundException exception. I'll try to illustrate it: Suppose you have the...
3
by: Quintus Snapper | last post by:
Hi All, I'm having a problem with an anchor link in IE which is working inconsistantly and I can't figure out why. On the following website: http://www.friendlyrentals.com/ If you click...
1
by: Daniel | last post by:
If I call CreateDirectory(\\\\devDriveA\\foo\\bar\\a\\b\\c) and \\devDriveA\foo\bar already exists then sub directories a\b\c don't get created. When I use CreateDirectory on my own file system,...
1
by: H.B. | last post by:
Hi, Is there a way to avoid conflicts between CreateDirectory() (from API) and Directory::CreateDirectory(). The other functions from Directory class works(Exists() as example). It seems to be...
3
by: David Davies | last post by:
Please HELP !! I have a web page that is trying to create folders on a file server eg. \\SERVERNAME\F4\Projects\ Users of the web site are authenticated with Windows Integrated Security. ...
1
by: Tim Mulholland | last post by:
What are my options for getting around the issues with Directory.CreateDirectory() when i'm working on a hosted server where the hosting company will not allow the ASPNET user to have read/list...
9
by: Clinton Frankland | last post by:
Hi, On a Windows 2000 Server when attempting to use System.IO.Directory.CreateDirectory(string.concat(Server.MapPath(""), "\verify")) I receive a System.IO.DirectoryNotFoundException error:...
5
by: Dan Lorenz | last post by:
When trying to use the function CreateDirectory on my local machine everything works fine but when I upload the page to my webhost I get an issue that it can't find path on D:\, though D:\ is what...
4
by: Tom | last post by:
This is really weird, but I have the following code: private static readonly string mString = "tempUnzipDir" + Path.DirectorySeparatorChar; .... public static string...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.