Re: impersonation and accessing remote folder

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Scott Allen (bitmask_at_[nospam)
Date: 07/23/04 

Date: Fri, 23 Jul 2004 18:02:36 -0400

Hi Jon:

Are you impersonating or logging in the user? If it is impersonation,
then NTLM does not support double-hop impersonations (meaning that
once passed to the IIS server, the same credentials cannot be passed
to a remote server to access a folder).

One way around this is to use kerberos delegation:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconaspnetdelegation.asp 

--
Scott
http://www.OdeToCode.com
On Fri, 23 Jul 2004 16:47:19 -0400, "Jon L. Lovesky"
<jonl@willowrunfoods.com> wrote:
>Hello all,
>
>I am attempting to access a remote folder from an asp.net application (all
>within the same domain). The application is configured for windows
>authentication in IIS and the asp.net worker process runs as the local
>ASP.NET account. When the application is about to access the remote folder I
>switch the security context to the remote user programmatically, then switch
>it back afterwards. When I run the application on my local system where I do
>my development, it works fine. When I run the application from the server,
>access to the remote folder is denied. I have verifed the security context
>switches to the remote user prior to accessing the remote folder and that
>the user has been granted access to the folder, so I am not sure why access
>is denied. See the code below. This seems to be the accepted method to do
>this, so what am I missing? Any suggestions are greatly appreciated.
>
>Jon
>
>
>
>Dim impersonationContext As
>System.Security.Principal.WindowsImpersonationContext
>
>Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
>
>currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
>System.Security.Principal.WindowsIdentity)
>
>impersonationContext = currentWindowsIdentity.Impersonate()
>
>'Access remote folder here and load a data table with file info
>
>impersonationContext.Undo()
>
>

Relevant Pages

  • Re: Login problems
    ... If you say your URL to your remote server is http://localhost/newland I ... Only copying the .htaccess file is not enough! ... If my site is upload to the remote folder ...
    (comp.lang.php)
  • Re: impersonation and accessing remote folder
    ... I am impersonating the user. ... client in this case are both on the same domain, all Windows 2000. ... > once passed to the IIS server, the same credentials cannot be passed ... >>access to the remote folder is denied. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Impersonation works on local machine but not webserver
    ... I created a simple test project to access a file on a different server. ... public const int LOGON32_LOGON_INTERACTIVE = 2; ... WindowsImpersonationContext impersonationContext; ... public static extern int LogonUser(string lpszUserName, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: System.IO.FileNotFoundException using file.copy
    ... to quickly test this, on the actual server, run ie and test - ... > Dim impersonationContext As ... > Dim currentWindowsIdentity As ... > trying to copy a file on a different server than the web server. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: File Access via the Web
    ... The other server "IS" on a domain. ...    The key is using adequate credentials. ... access the remote folder. ... or DirectoryInfo should be able to ...
    (microsoft.public.dotnet.languages.csharp)