Re: impersonation and accessing remote folder

From: Jon L. Lovesky (jonl_at_willowrunfoods.com)
Date: 07/26/04 

Date: Mon, 26 Jul 2004 14:23:19 -0400

Thanks for the feedback Scott. I am impersonating the user. The server and
client in this case are both on the same domain, all Windows 2000. According
to the referenced article, this means that kerberos is used. Is there any
way to verify this?

Jon

"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:5f23g05vql85uja9gfffdp4116v0aomd63@4ax.com...
> Hi Jon:
>
> Are you impersonating or logging in the user? If it is impersonation,
> then NTLM does not support double-hop impersonations (meaning that
> once passed to the IIS server, the same credentials cannot be passed
> to a remote server to access a folder).
>
> One way around this is to use kerberos delegation:
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconaspnetdelegation.asp
>
> --
> Scott
> http://www.OdeToCode.com
>
> On Fri, 23 Jul 2004 16:47:19 -0400, "Jon L. Lovesky"
> <jonl@willowrunfoods.com> wrote:
>
> >Hello all,
> >
> >I am attempting to access a remote folder from an asp.net application
(all
> >within the same domain). The application is configured for windows
> >authentication in IIS and the asp.net worker process runs as the local
> >ASP.NET account. When the application is about to access the remote
folder I
> >switch the security context to the remote user programmatically, then
switch
> >it back afterwards. When I run the application on my local system where I
do
> >my development, it works fine. When I run the application from the
server,
> >access to the remote folder is denied. I have verifed the security
context
> >switches to the remote user prior to accessing the remote folder and that
> >the user has been granted access to the folder, so I am not sure why
access
> >is denied. See the code below. This seems to be the accepted method to do
> >this, so what am I missing? Any suggestions are greatly appreciated.
> >
> >Jon
> >
> >
> >
> >Dim impersonationContext As
> >System.Security.Principal.WindowsImpersonationContext
> >
> >Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
> >
> >currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
> >System.Security.Principal.WindowsIdentity)
> >
> >impersonationContext = currentWindowsIdentity.Impersonate()
> >
> >'Access remote folder here and load a data table with file info
> >
> >impersonationContext.Undo()
> >
> >
>

Relevant Pages

  • Re: Imperonate user
    ... I have read examples of impersonating a user but they show only valid ... The problem is that the server needs to be logged into as the ... I was trying to impersonate the admin user account allowing ... impersonating a user in Windows 2K? ...
    (microsoft.public.dotnet.languages.vb)
  • Imperonate user
    ... I have read examples of impersonating a user but they show only valid ... transfer files from a desktop to a server (our desktops are running ... The problem is that the server needs to be logged into as the ... impersonating a user in Windows 2K? ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Winlogon notification DLL and user token
    ... Have you tried impersonating the user in your DLL and then send ... something across the pipe to your COM server which then again ... if the logged-on user's desktop is visible or not. ...
    (microsoft.public.win32.programmer.kernel)
  • Re: Login problems
    ... If you say your URL to your remote server is http://localhost/newland I ... Only copying the .htaccess file is not enough! ... If my site is upload to the remote folder ...
    (comp.lang.php)
  • Re: Delegatoin w/ Protocol transition in a Windows 2000 native domain
    ... authentication is the only box checked) on the Exchange 2003 /exchange ... frontend-server by means of impersonating the user who's logged on ... This account is trusted for delegation. ... system" privelege on the ASP.NET server. ...
    (microsoft.public.dotnet.framework.aspnet)