
Accessing file system

I have a .net application that I want to run in a DMZ, with the SQL Server
and file system behind another firewall. Is there a secure way to get to
files from my application, or would it be better to have a reverse proxy
server in the DMZ and the webserver behind the second firewall?
Oct 9 '06 #1
Hello Gerhard,

Based on your description, your webserver (in DMZ) which hosts the .net
application (ASP.NET app?) will need to access files on another server
behind firewall (in intranet domain), and you're wondering the proper way to
do this, correct?

As for using a reverse proxy server and moving the webserver into intranet
with the fileserver, I don't think it a preferred way since that'll involve
more complexity. And generally webserver is reasonable to locate in DMZ
instead of inside intranet domain.

For your scenario, if the files on the remote server (behind firewall) are
on NTFS file system, I think you can consider using the following means in
your .net application (running on the webserver in DMZ):

1. Use impersonation to execute file access (System.IO....) code under a
specific user. And since your webserver is in DMZ, you cannot use a domain
user account; you need to create two duplicated local accounts (with same
username and password) on both your webserver and the file server. Then, in
your .net application, use code to programmatically impersonate this
local account, and the impersonated code can correctly access the files on
the shared folder on the remote file server (as long as you've granted
sufficient permission for this account).

Here is an article describing how to programmatically impersonate the
ASP.NET application code (also applies to normal .net application):

#How to implement impersonation in an ASP.NET application
http://support.microsoft.com/kb/306158/en-us

2. The #1 approach requires us to impersonate under a certain user, and this
user account must be a duplicated account on both source and target
machine. To avoid this, you can consider creating a "Mapped network drive"
on your webserver machine which points to the remote file share folder. You
can create such a fileshare through the server explorer's "tools-->map
network drive..." menu or use the "net use" command line command.

Then, in your .net application you can access this mapped local drive
instead of the remote UNC path. You also need to make sure that your
application's running account (security context) is the one that created the
network share mapping.

Hope this helps. Please feel free to let me know if you have anything
unclear or need any further assistance.
Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Oct 9 '06 #2
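
A sketch of approach 1 from the reply above, added here as an example; it is not code from the thread or from KB 306158. It impersonates the mirrored local account only for the duration of one read and refuses any file name that resolves outside the share root. The server name `FILESRV01`, the share path and the `ShareReader` class are hypothetical, and `WindowsIdentity.RunImpersonated` assumes .NET Framework 4.6 or later.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class ShareReader
{
    // Same logon type and provider values that KB 306158 uses.
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Hypothetical share on the file server behind the second firewall.
    // The trailing backslash matters for the prefix check below.
    const string ShareRoot = @"\\FILESRV01\AppData\uploads\";

    // user/password: the mirrored local account. Load them from protected
    // configuration at runtime; do not hard-code them in the application.
    public static byte[] Read(string requestedName, string user, string password)
    {
        // Canonicalize first. This collapses ".." segments, and a rooted
        // requestedName (which Path.Combine returns unchanged) fails the check.
        string full = Path.GetFullPath(Path.Combine(ShareRoot, requestedName));
        if (!full.StartsWith(ShareRoot, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Path escapes the share root.");

        // "." validates against the web server's local account database only.
        if (!LogonUser(user, ".", password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token)
        {
            // Impersonation covers this single read and is reverted on return,
            // so the rest of the request runs as the normal worker identity.
            return WindowsIdentity.RunImpersonated(token,
                () => File.ReadAllBytes(full));
        }
    }
}
```

On the file server, grant the mirrored account read access to that one folder only, so a compromise of the DMZ host exposes no more than the application itself needs.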
Thank you. This was a big help.
Oct 9 '06 #3
