Re: Impersonation in ASP.NET

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Bonj (Bonj_at_discussions.microsoft.com)
Date: 10/21/04 

Date: Thu, 21 Oct 2004 01:41:07 -0700

I figured it. The problem was not permissions, but the fact that IIS
obviously doesn't understand network drives. Putting the full UNC path in it
(e.g. \\server\share$ rather than just L:\) and it works like a dream.
Didn't help but the fact that the error message was quite generic in all
cases - 'could not find a part of the path ... blah blah blah'. Which is the
same error message you get if you don't call Impersonate.

Thanks

"Raterus" wrote:

> You have to configure basic authentication in IIS, find the page you are referring to, right-click properties, directory security tab.
>
> "Bonj" <benjtaylor at hotpop d0t com> wrote in message news:eqL2aAutEHA.2804@TK2MSFTNGP14.phx.gbl...
> > I've done the 'impersonate with code' bit, but I can't figure out the "make
> > the page set up for basic authentication" bit. Any ideas? I mean, what do I
> > actually need to configure other than the code I've already written?
> >
> > The interface does collect their username and password, but it isn't buggy
> > because it doesn't store it in session variables, the query string or any
> > other form of memory other than the stack.
> >
> > "Raterus" <moc.liamtoh@suretar.reverse> wrote in message
> > news:uA7WcNstEHA.2624@TK2MSFTNGP11.phx.gbl...
> > Don't cross post..aspnet.security is the only appropriate group you needed
> > to post to.
> >
> > One thing that should work is to make the page that performs this operation
> > set up for "basic authentication", they will be authenticated on IIS first,
> > then if this takes place, impersonate with code using the shorter method
> > found here. http://support.microsoft.com/default.aspx?scid=kb;en-us;306158
> > I don't see why it wouldn't work, and you also won't have to worry about
> > coding a potentially buggy interface to gather their username/password.
> >
> >
> > "Bonj" <Bonj@discussions.microsoft.com> wrote in message
> > news:AAB3C9B0-4126-479E-B970-56B239C45801@microsoft.com...
> > > Hi
> > > I would like to know how to use impersonation, in order to write to a file
> > > on a network share.
> > > The user will be logging on to this web app, and will then click a button
> > > which will write to a file on the network share. Currently though, I am
> > > getting permissions errors. I don't want to set identity impersonate =
> > > "true"
> > > because I gather that exposes security weaknesses. Rather, I would like
> > > the
> > > user to have to actually enter their windows password. I would then call
> > > an
> > > impersonate method, and then try to do it. But it is not working at the
> > > moment, I suspect due to permissions.
> > >
> > > Here is the code used to impersonate:
> > > Public Function Impersonate(ByVal UserName As String, ByVal Domain As
> > > String, ByVal Password As String) As Boolean
> > > Dim tempWindowsIdentity As WindowsIdentity
> > > Dim token As IntPtr
> > >
> > > Dim tokenDuplicate As IntPtr
> > > If LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, _
> > > LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
> > > If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
> > > tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
> > > impersonationContext = tempWindowsIdentity.Impersonate()
> > >
> > > Return Not (impersonationContext Is Nothing)
> > > End If
> > > End If
> > > End Function
> > >
> > > (written in VB.NET, but equally in C#)
> > >
> > > Running the same code to write to the text file in a windows forms
> > > application works fine.
> > > This throws a permissions error in ASP.NET, even though the impersonation
> > > method appears to be successful.
> > >
> > > Any help much appreciated
> > >
> > > Thanks
> >
> >
>

Quantcast