Hi
I would like to know how to use impersonation, in order to write to a file
on a network share.
The user will be logging on to this web app, and will then click a button
which will write to a file on the network share. Currently though, I am
getting permissions errors. I don't want to set identity impersonate = "true"
because I gather that exposes security weaknesses. Rather, I would like the
user to have to actually enter their windows password. I would then call an
impersonate method, and then try to do it. But it is not working at the
moment, I suspect due to permissions.
Here is the code used to impersonate:
Public Function Impersonate(ByVal UserName As String, ByVal Domain As
String, ByVal Password As String) As Boolean
Dim tempWindowsIdentity As WindowsIdentity
Dim token As IntPtr
Dim tokenDuplicate As IntPtr
If LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, _
LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
impersonationContext = tempWindowsIdentity.Impersonate()
Return Not (impersonationContext Is Nothing)
End If
End If
End Function
(written in VB.NET, but equally in C#)
Running the same code to write to the text file in a windows forms
application works fine.
This throws a permissions error in ASP.NET, even though the impersonation
method appears to be successful.
Any help much appreciated
Thanks 4 1149
Don't cross post..aspnet.security is the only appropriate group you needed to post to.
One thing that should work is to make the page that performs this operation set up for "basic authentication", they will be authenticated on IIS first, then if this takes place, impersonate with code using the shorter method found here. http://support.microsoft.com/default...b;en-us;306158 I don't see why it wouldn't work, and you also won't have to worry about coding a potentially buggy interface to gather their username/password.
"Bonj" <Bo**@discussions.microsoft.com> wrote in message news:AA**********************************@microsof t.com... Hi I would like to know how to use impersonation, in order to write to a file on a network share. The user will be logging on to this web app, and will then click a button which will write to a file on the network share. Currently though, I am getting permissions errors. I don't want to set identity impersonate = "true" because I gather that exposes security weaknesses. Rather, I would like the user to have to actually enter their windows password. I would then call an impersonate method, and then try to do it. But it is not working at the moment, I suspect due to permissions. Here is the code used to impersonate: Public Function Impersonate(ByVal UserName As String, ByVal Domain As String, ByVal Password As String) As Boolean Dim tempWindowsIdentity As WindowsIdentity Dim token As IntPtr Dim tokenDuplicate As IntPtr If LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, _ LOGON32_PROVIDER_DEFAULT, token) <> 0 Then If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then tempWindowsIdentity = New WindowsIdentity(tokenDuplicate) impersonationContext = tempWindowsIdentity.Impersonate() Return Not (impersonationContext Is Nothing) End If End If End Function (written in VB.NET, but equally in C#) Running the same code to write to the text file in a windows forms application works fine. This throws a permissions error in ASP.NET, even though the impersonation method appears to be successful. Any help much appreciated Thanks
I've done the 'impersonate with code' bit, but I can't figure out the "make
the page set up for basic authentication" bit. Any ideas? I mean, what do I
actually need to configure other than the code I've already written?
The interface does collect their username and password, but it isn't buggy
because it doesn't store it in session variables, the query string or any
other form of memory other than the stack.
"Raterus" <mo*********@suretar.reverse> wrote in message
news:uA**************@TK2MSFTNGP11.phx.gbl...
Don't cross post..aspnet.security is the only appropriate group you needed
to post to.
One thing that should work is to make the page that performs this operation
set up for "basic authentication", they will be authenticated on IIS first,
then if this takes place, impersonate with code using the shorter method
found here. http://support.microsoft.com/default...b;en-us;306158
I don't see why it wouldn't work, and you also won't have to worry about
coding a potentially buggy interface to gather their username/password.
"Bonj" <Bo**@discussions.microsoft.com> wrote in message
news:AA**********************************@microsof t.com... Hi I would like to know how to use impersonation, in order to write to a file on a network share. The user will be logging on to this web app, and will then click a button which will write to a file on the network share. Currently though, I am getting permissions errors. I don't want to set identity impersonate = "true" because I gather that exposes security weaknesses. Rather, I would like the user to have to actually enter their windows password. I would then call an impersonate method, and then try to do it. But it is not working at the moment, I suspect due to permissions.
Here is the code used to impersonate: Public Function Impersonate(ByVal UserName As String, ByVal Domain As String, ByVal Password As String) As Boolean Dim tempWindowsIdentity As WindowsIdentity Dim token As IntPtr
Dim tokenDuplicate As IntPtr If LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, _ LOGON32_PROVIDER_DEFAULT, token) <> 0 Then If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then tempWindowsIdentity = New WindowsIdentity(tokenDuplicate) impersonationContext = tempWindowsIdentity.Impersonate()
Return Not (impersonationContext Is Nothing) End If End If End Function
(written in VB.NET, but equally in C#)
Running the same code to write to the text file in a windows forms application works fine. This throws a permissions error in ASP.NET, even though the impersonation method appears to be successful.
Any help much appreciated
Thanks
You have to configure basic authentication in IIS, find the page you are referring to, right-click properties, directory security tab.
"Bonj" <benjtaylor at hotpop d0t com> wrote in message news:eq**************@TK2MSFTNGP14.phx.gbl... I've done the 'impersonate with code' bit, but I can't figure out the "make the page set up for basic authentication" bit. Any ideas? I mean, what do I actually need to configure other than the code I've already written? The interface does collect their username and password, but it isn't buggy because it doesn't store it in session variables, the query string or any other form of memory other than the stack. "Raterus" <mo*********@suretar.reverse> wrote in message news:uA**************@TK2MSFTNGP11.phx.gbl... Don't cross post..aspnet.security is the only appropriate group you needed to post to. One thing that should work is to make the page that performs this operation set up for "basic authentication", they will be authenticated on IIS first, then if this takes place, impersonate with code using the shorter method found here. http://support.microsoft.com/default...b;en-us;306158 I don't see why it wouldn't work, and you also won't have to worry about coding a potentially buggy interface to gather their username/password. "Bonj" <Bo**@discussions.microsoft.com> wrote in message news:AA**********************************@microsof t.com... Hi I would like to know how to use impersonation, in order to write to a file on a network share. The user will be logging on to this web app, and will then click a button which will write to a file on the network share. Currently though, I am getting permissions errors. I don't want to set identity impersonate = "true" because I gather that exposes security weaknesses. Rather, I would like the user to have to actually enter their windows password. I would then call an impersonate method, and then try to do it. But it is not working at the moment, I suspect due to permissions.
Here is the code used to impersonate: Public Function Impersonate(ByVal UserName As String, ByVal Domain As String, ByVal Password As String) As Boolean Dim tempWindowsIdentity As WindowsIdentity Dim token As IntPtr
Dim tokenDuplicate As IntPtr If LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, _ LOGON32_PROVIDER_DEFAULT, token) <> 0 Then If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then tempWindowsIdentity = New WindowsIdentity(tokenDuplicate) impersonationContext = tempWindowsIdentity.Impersonate()
Return Not (impersonationContext Is Nothing) End If End If End Function
(written in VB.NET, but equally in C#)
Running the same code to write to the text file in a windows forms application works fine. This throws a permissions error in ASP.NET, even though the impersonation method appears to be successful.
Any help much appreciated
Thanks
I figured it. The problem was not permissions, but the fact that IIS
obviously doesn't understand network drives. Putting the full UNC path in it
(e.g. \\server\share$ rather than just L:\) and it works like a dream.
Didn't help but the fact that the error message was quite generic in all
cases - 'could not find a part of the path ... blah blah blah'. Which is the
same error message you get if you don't call Impersonate.
Thanks
"Raterus" wrote: You have to configure basic authentication in IIS, find the page you are referring to, right-click properties, directory security tab.
"Bonj" <benjtaylor at hotpop d0t com> wrote in message news:eq**************@TK2MSFTNGP14.phx.gbl... I've done the 'impersonate with code' bit, but I can't figure out the "make the page set up for basic authentication" bit. Any ideas? I mean, what do I actually need to configure other than the code I've already written?
The interface does collect their username and password, but it isn't buggy because it doesn't store it in session variables, the query string or any other form of memory other than the stack.
"Raterus" <mo*********@suretar.reverse> wrote in message news:uA**************@TK2MSFTNGP11.phx.gbl... Don't cross post..aspnet.security is the only appropriate group you needed to post to.
One thing that should work is to make the page that performs this operation set up for "basic authentication", they will be authenticated on IIS first, then if this takes place, impersonate with code using the shorter method found here. http://support.microsoft.com/default...b;en-us;306158 I don't see why it wouldn't work, and you also won't have to worry about coding a potentially buggy interface to gather their username/password.
"Bonj" <Bo**@discussions.microsoft.com> wrote in message news:AA**********************************@microsof t.com... Hi I would like to know how to use impersonation, in order to write to a file on a network share. The user will be logging on to this web app, and will then click a button which will write to a file on the network share. Currently though, I am getting permissions errors. I don't want to set identity impersonate = "true" because I gather that exposes security weaknesses. Rather, I would like the user to have to actually enter their windows password. I would then call an impersonate method, and then try to do it. But it is not working at the moment, I suspect due to permissions.
Here is the code used to impersonate: Public Function Impersonate(ByVal UserName As String, ByVal Domain As String, ByVal Password As String) As Boolean Dim tempWindowsIdentity As WindowsIdentity Dim token As IntPtr
Dim tokenDuplicate As IntPtr If LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, _ LOGON32_PROVIDER_DEFAULT, token) <> 0 Then If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then tempWindowsIdentity = New WindowsIdentity(tokenDuplicate) impersonationContext = tempWindowsIdentity.Impersonate()
Return Not (impersonationContext Is Nothing) End If End If End Function
(written in VB.NET, but equally in C#)
Running the same code to write to the text file in a windows forms application works fine. This throws a permissions error in ASP.NET, even though the impersonation method appears to be successful.
Any help much appreciated
Thanks
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Chris |
last post by:
Hello all,
Here is my problem. I have a windows service (C#) that is
supposed to move files from/to the local drive to/from a
UNC share (\\domainserver\share). The service is running
on a Win3k...
|
by: Ripa Horatiu |
last post by:
Does anyone knows how can I impersonate to another user (basically Administrator) for a piece of my code? I've tried the samples provided by MS but they didn't worked.
--
Horatiu Ripa
|
by: Anil Krishnamurthy |
last post by:
We have an ASP.NET application that uses COM objects through Interop. The
web application requires access to network and database resources and hence,
needs to impersonate a domain account. The...
|
by: techfuzz |
last post by:
I'm posting my problem experience and solution I found here for other
ASP.NET developers.
I have a web application that uses Forms Authentication with Active
Directory to control access. In...
|
by: Wm. Scott Miller |
last post by:
What is the difference between using a username and password in the
processmodel section vs using one in impersonation in the machine.config
file? What are the advantages of each and what are the...
|
by: Phil |
last post by:
Hi,
I've currently setup a local user as described in:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnne...
|
by: Patrick |
last post by:
I have an ASP.NET web service whose Web.Config is set to use impersonation
<authentication mode="Windows" />
<identity impersonate="true" />
Within a Web Method, I want to use...
|
by: velvet.graham |
last post by:
I'm having a difficult time with impersonation. I've created an
impersonation class. Here is the code below:
******Impersonation Class Code*********
Imports System
Imports System.Web.Security...
|
by: zhuang |
last post by:
Dear all,
I found a very interesting thing about viewing crystal report (located
on network drive) with asp.net application.
To do the impersonation, modify web.config does not work, you have...
|
by: =?Utf-8?B?S2l0dHlIYXdr?= |
last post by:
I am in the process of migrating an II6 environment from a single server to a
network load balanced system. Thus, I am using a virtual directory on a UNC
share to house the dynamic data that the...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |